CES:  Palm's  Pre  steals  the  show 

Palm's  Pre,  a  new  touchscreen  entry  in  the  smart¬ 
phone  sweepstakes,  stole  the  attention  at  last 
week's  Consumer  Electronics  Show.  Page  10. 


The  corporate  Apple 

Apple  is  using  servers  and  the 
iPhone  to  slowly  but  surely  attract 
enterprise  users.  Page  12. 
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IT  vendors  eye 
new  markets  in 
down  economy 

BY  NETWORK  WORLD  STAFF 

Today’s  rough  economy  hasn’t  put  the  brakes  on  ven¬ 
dor  ambition. 

Microsoft  aims  to  become  a  dominant  player  in  hosted 
software  and  cloud  computing  in  2009,  despite  its  late 
entry  in  these  markets.  Ditto  for  Microsoft  in  the  virtual¬ 
ization  arena  —  where 
early  arrival  VMware 
has  some  lofty  goals  of 
its  own,  including 
shooting  for  a  bigger 
role  in  data-center 
management. 

No  less  ambitious  is 
Cisco,  which  is  plot¬ 
ting  a  switching  up¬ 
grade,  blade  servers 
for  the  data  center 
and  a  security  plan  for 
virtualized  and  cloud-computing  environments. 
Juniper  Networks  plans  a  refresh  of  its  entire  product 
portfolio,  and  Avaya  will  sharpen  its  focus  on  unified 
communications. 

Read  on  for  details  about  what  to  expect  this  year  from 
these  and  other  key  IT  vendors,  including  their  most 
pressing  2009  priorities  and  potential  stumbling  blocks. 

Microsoft  sharpens  services,  virtualization  focus 

Microsoft’s  services  push  dominated  its  2008  agenda, 
and  now  it’s  time  to  deliver  the  goods. 

Industry  watchers  are  tuned  in  for  details  on  Azure, 
Microsoft’s  newly  unveiled  cloud  operating  system,  as 
well  as  the  first  Web-based  versions  of  popular  Office 
applications,  due  this  year.  These  play  prominently  in 

See  Crystal  ball,  page  20 


EXCLUSIVE  TEST 

Cisco's  ASR  router: 
A  strong  first  effort 


BY  DAVID  NEWMAN,  NETWORK 
WORLD  LAB  ALLIANCE 

With  enterprises  looking  to  consolidate 
data  centers  and  devices,  Cisco’s  new  ASR 
1000  series  router  offers  a  compelling  mes¬ 
sage:  Do  more  with  less. 

In  an  exclusive  Network  World  Clear 
Choice  Test,  the  ASR  not  only  moved  traffic 
at  20Gbps  but  did  so  while  running  QoS, 
security  and  monitoring  functions  on  120 
million  flows  from  hundreds  of  concurrent 
routing  sessions. 

The  ASR  performed  capably  when  han¬ 
dling  multicast  and  IPSec  VPN  traffic.  With 
a  40-core  processor,  the  ASR  has  enough 
headroom  to  run  firewalls  and  other  ser¬ 
vices  without  requiring  more  hardware. 

That’s  not  to  say  the  ASR  isn’t  still  a  work 
in  progress.  Its  data-plane  capacity  needs  to 
grow, and  Cisco  hasn’t  rolled  out  all  the  ser- 


Exclusive  test  shows  the  ASR  1006 
is  fast  and  flexible,  but  Cisco  still 
needs  to  expand  capacity  and 
deliver  services. 

vices  the  ASR  eventually  will  support.  But 
this  is  a  strong  initial  effort,  well  worth  con¬ 
sideration  by  the  many  enterprises  looking 
to  replace  tiers  of  aging  7200  and  7500 

See  Cisco,  page  16 


Citrix  is  Xen 
master 

Top  take-aways  from 
two-tiered  test: 

1 .  Citrix  XenServer  tops  Novell 
and  Virtual  Iron  in  test  of  Xen- 
basedVM  products. 

2.  Xen-based  hypervisors  stack 
up  well  against  VMware  s  RSX  and 
Microsoft’s  Hyper-V  Page  28 

And  go  online  for  detailed  results 
of  Xen  performance  tests. 

www.nwdocfinder.com/8233 


Your  potential.  Our  passion. 

Microsoft 


Mediterranean  Shipping  Company  has 
discovered  a  new  form  of  energy. 


Mediterranean  Shipping  Company  (MSC)  is  the  second-largest 
container  ship  line  in  the  world,  with  a  database  that  tracks  more 
than  210  billion  transactions  a  year.  The  company  recently  upgraded 
its  database  to  Microsoft"  SQL  Server"  2008,  not  only  to  handle  this 
massive  load,  but  also  to  simplify  MSC's  database  administration 
and  help  ensure  high  availability.  Which  is  like  a  new  form  of  energy 
for  MSC.  See  the  whole  story  at  SQLServerEnergy.com 

Microsoft' 

yj|  SQL  Server  2008 
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12  Where  Apple  stands  in  the  enterprise. 
12  Consortium  tackles  cloud  computing. 

14  Opinion  Andreas  Antonopoulos: 

On  botnets,  encryption,  mega-worms: 
Security  predictions  for  2009. 

42  Opinion  BackSpin:  COBOL  and 
governmental  efficiencies. 

APPLICATION  SERVICES 

10  CES  2009:  Palm  Pre  leads  gadget 
parade. 


COOL 

TOOLS 


42  Opinion  ’Net  Buzz:  2009’s  25  geek- 
iest  25th  anniversaries. 

SERVICE  PROVIDERS 


■  WowWee’s  ultraportable  projector, 
the  Cinemin  Stick,  was  one  of  the  many 
products  announced  at  CES  last  week. 
See  Cool  Tools,  page  26. 


GOODBADUGLY 

A  stimulus  package  for  you 

The  nonprofit  Information  Technology 
and  Innovation  Foundation  think  tank  is 
urging  Congress  to  devote  $30  billion 
of  the  $775  billion  stimulus  package 
proposed  by  President-elect  Obama  to 
the  IT  industry,  saying  such  a  move 
will  create  or  retain  nearly  1  million 
jobs,  more  than  half  of  them  at  small 
businesses. 

EMC  joins  layoff  parade 

Despite  expecting  to  meet  revenue 
estimates  for  its  fourth  quarter,  EMC 
says  it  is  instituting  a  restructuring 
program  that  includes  laying  off  2,400 
people.The  restructuring  is  aimed  at 
streamlining  costs  associated  with 
EMC’s  Information  Infrastructure  busi¬ 
ness,  and  will  not  affect  VMware, 

EMC’s  virtualization  subsidiary,  the 
company  says.The  2,400  people  repre¬ 
sent  about  7%  of  the  Information 
Infrastructure  business. 
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There  goes  some  more  data 


More  than  35  million  data 
records  were  breached 
in  2008  in  the  United 
States,  a  figure  that 
underscores  the 
continuing  diffi¬ 
culties  in  secur¬ 
ing  information, 
according  to  the 
Identity  Theft  Re¬ 
source  Center.The 
majority  of  the  lost 
data  was  neither  encrypted  nor  pass¬ 
word-protected. 
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Citrix  is  Xen 
master 
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Top  take-aways  from 
two-tiered  test: 
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1.  Citrix  XenServer  tops 
Novell  and  Virtual  Iron  in  test 
of  Xen-based  VM  products. 


2.  Xen-based  hypervisors 
stack  up  well  against 
VMware’s  ESX  and 
Microsoft’s  Hyper  V.  Page  28 
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Go  online  for  results  of  Xen 
performance  tests. 

www.nwdocfinder.com/8233 
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A  snapshot  of  how  networkworid.com 
visitors  voted  on  a  key  networking  issue 
last  week: 


Which  technology  will  be  the  hottest 
this  year? 


Network  Access  Control  3% 


Data  protection  4% 
Other  6% 

Web  2.0  7% 


Green  IT  9% 
Unified 

communications 


Virtual¬ 

ization 

19% 


-11%10G 

Ethernet 


Total  voters  for  this  poll:  159 


Vote  and  discuss:  www.nwdocfinder.com/8243 


PEERSAY 

More  historical  data  needed  Ah,  standards 


Re:  Taking  the  art  out  of  networking 
(www.nwdocfinder.com/8236): 

The  finite-element  analysis  software  model¬ 
ing  you  reference  in  the  BoBus  888  story  is 
only  as  useful  as  the  data  it  receives.  In  real  IT 
environments,  historical  network  traffic  data 
can’t  be  gathered  and  modeled  quickly 
enough  to  make  meaningful  budget  numbers. 
Contrast  this  with  the  BoBus  model  though  — 
material  elasticity  curves,  resonant  frequen¬ 
cies  and  fluid-dynamic  properties  for  the  com¬ 
ponents  are  well-known 
and  quantifiable.  This  is 
the  fundamental  differ¬ 
ence  between  the 
industries  that  arguably 
does  make  networking 
a  bit  more  of  an  art. 

Ours  is  a  very  young 
industry;  our  tools  and 
processes  have  not 
caught  up  with  the 
requirements. 

The  biggest  practical  issue  is  coming  up  with 
quantifiable  models  for  how  the  traffic 
behaves  and  will  grow  over  time  so  you  can 
build  a  meaningful  model.  At  a  minimum,  this 
must  be  done  on  a  per-site  basis  and  broken 
out  into  a  src/dst  matrix;  sometimes  even  with¬ 
in  local  server  farms  or  functional  silos  within 
a  particular  POP  Most  companies  don’t  make 
this  a  priority  until  it  is  far  too  late  to  gather 
meaningful  data.  I  think  12  months  of  histori¬ 
cal  data  is  a  useful  number.  Furthermore, 
many  don’t  have  the  experience  in  long-term 
protocol  analysis  tools  and  data  organization 
to  build  a  case  that  can  be  abstracted  into 
yearly  growth  rates. 

I’m  in  the  process  of  building  a  network 
architecture  requirements  checklist,  and 
quite  honestly  never  thought  to  add  histori¬ 
cal  traffic  records  to  my  list  of  requirements; 
thank  you  for  raising  this  important  point  of 
network  modeling. 

Mike  Pennington 

Discuss  at  www.nwdocfinder.com/8236 


**It’s  your  responsibility 
to  get  your  non-Cisco 
box  right,  not  Cisco’s  job 
to  troubleshoot  it 
for  you.55 


►  SPECIAL  NETWORK  WORLD  FEATURE 


SCAN  THIS  CODE 
with  your  cell 
phone  to  get  the 
latest  IT  network 
news  delivered  to 
your  cellular 
device. 


■  ■ 
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To  get  the  client 
software,  use  your  phone  browser  to 
visit  wap.connexto.com 

For  more  information  on  code  scanning 
see  www.nww.com/codescan 


Re:  Is  Cisco  customer  advocacy  being 
thrown  under  the  bus?  (www.nwdocfinder. 
com/  8237): 

The  great  thing  about  standards  is  that  there 
are  so  many  different  ones  to  choose  between. 
IPSec  suffers  from  this  because  there  are  so 
many  different  options  in  the  protocols  and 
vendors  take  different  approaches  to  meeting 
their  particular  requirements.  Interoperability 
is  better  today  than  it  was  a  decade  ago,  but  it’s 
still  not  perfect. 

Cisco’s  responsibility 
to  their  users  is  to  make 
sure  that  most  Cisco 
platforms  can  talk  to 
each  other  and  that  they 
have  good  documenta¬ 
tion  on  how  to  set  them 
up  and  which  ones,  if 
any  don’t  work  well. 

Can  you  do  more 
connecting  a  pair  of 
ASAs  together  than 
connecting  an  ASA  to  a  $49  Linksys? 
Probably,  and  you  should  expect  the  ASA  to 
perform  faster  than  the  Linksys. 

Beyond  that,  Cisco  should  be  able  to  tell  you 
how  to  install  a  Cisco  software  VPN  client  on  a 
Windows  box,  and  maybe  how  to  set  up  the 
standard  configurations  on  a  Linux  or  Open- 
BSD  box,  but  it’s  your  responsibility  to  get  your 
non-Cisco  box  right,  not  Cisco’s  job  to  trou¬ 
bleshoot  it  for  you. 

I’m  not  a  quadruple-CCIE,just  a  CCNA  who’s 
been  watching  crypto  for  a  couple  of 
decades. 

Bill  Stewart 

Discuss  at  www.nwdocfinder.com/8237 

No  need  for  Internet  Explorer 

Re:  IE  lost  market  share,  but  think  about 
it...  (www.nwdocfinder.com/8238): 

At  work,  I  use  Firefox  exclusively  —  no 
corporately  blessed  ports  of  Internet 
Explorer  available  on  Sun  Solaris.  At  home, 
I  now  use  Google  Chrome  almost  exclu¬ 
sively:  I  keep  Firefox  and  Safari  for  Windows 
up  to  date.  Firefox  is  set  to  be  my  default 
browser. 

When  I  saw  the  monstrous  interface  after 
I  upgraded  to  Internet  Explorer  7,1  immedi¬ 
ately  stopped  using  Internet  Explorer  and 
haven’t  bothered  to  even  try  downgrading 
to  IE6.A11  of  the  Web  pages  I  frequently  visit 
work  just  fine  with  Firefox,  Safari  for 
Windows  or  Chrome. 

Mark  C.  Phinney 

Discuss  at  www.nwdocfinder.com/8238 


E-mail  letters  to  jdix@nwiv.com  or  send  them 
to  John  Dix,  editor  in  chief,  Network  World,  492 
Old  Connecticut  Path,  Framingham,  MA  01 701- 
9002.  Please  include  phone  number  and  address 
for  verification 
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NEC’s  Unified  Communications  provide  a  dynamic  and  realistic  connection  among 
individuals,  devices,  applications,  and  data.  Based  on  a  combination  of  innovative 
technologies  and  advanced  solutions,  its  mobility  and  flexibility  enables  people  to 
experience  greater  efficiency  and  productivity  -  in  any  industry. 
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CES  2009: 


CES  2009: 


Tom  Hanks  as  gad¬ 
get  reviewer 

During  Sony’s  keynote 
at  the  show,  Howard 
Stringer  talked  about 
some  futuristic  glasses, 
and  the  audience  got  an 
instant  review  from 
actorTom  Hanks. 

www.nwdocfinder.com/8249 


Webcams  go  3-D 

The  Webcam  is  stan¬ 
dard  on  most  comput¬ 
ers  these  days,  but  we 
saw  one  that  uses  to 
cameras  to  produce  a 
3-D  image. 

www.nwdocfinder.com/8250 


CES  2009: 
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Honey,  they  added  a 
screen  to  my  laptop 

Lenovo’s  uniqueThink- 
PadW700ds  made  its 
debut  at  CES,  with  its 
slide-out  additional 
display. 

www.nwdocfinder.com/8251 
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Management  must-dos  in  2009 


BLOGOSPHERE 


1  Why  XP  users  will  switch  to  Windows 

7.  Ron  Barrett  writes  in  his  A  Better 
Windows  World  blog,  “XP  users  who  fought 
so  hard  to  protect  Windows  XP  will  finally 
let  it  go  and  move  to  Windows  7.  As  I  said 
yesterday,  the  resistance  to  moving  to  Vista 
came  from  two  very  prominent  components: 
the  enhanced  security  (or  security  that 
actually  works  as  some  people  have 
expressed)  and  the  new  user  interface. 
These  were  the  surface  reasons  but  an¬ 
other,  underlying  reason  existed  as  well  — 
electronics  stores  were  made  to  push  Vista 
and  soon  after  its  release,  getting  a  PC  with 
Windows  XP  was  nearly  impossible.” 
www.nwdocfinder.com/8245 

■  Job  prospects  better  for  CCxP  than 
CCIE?  Wendell  Odom  writes  in  his  Cisco 
Cert  Zone  blog,  “Seems  like  most  everyone 
these  days  is  talking  about  jobs  and  job 
prospects.  A  friend  of  mine  has  even  gotten 
in  the  habit  of  just  asking,  ‘have  you  got  a  job 
currently?’  instead  of  the  usual  innocuous 
greetings.  So,  continuing  on  this  thread  for 
another  post  or  two,  let  me  ask  the  following 
question:  Are  CCxPs  better  off  in  today’s 
job  market  than  CCIEs?”  www.nw 
docfinder.com/8246 

■  How  the  yellow  first-down  line  on 
football  broadcasts  actually  works. 

Curt  Monash  writes  in  his  A  World  of  Bytes 
blog,  “Fandome  offers  a  fascinating  3-1/2- 
minute  video  explaining  how  the  first-down 
line  on  football  broadcasts  actually  works. 
Evidently,  there's  a  lot  of  processing  to  cal¬ 
culate  the  exact  location  being  photo¬ 
graphed  on  the  field,  and  a  lot  more  to  draw 

a  line  in  exactly  the  right  place _ Highlights 

include:  ‘Pan’  and  ‘tilt’  are  measured  by  op¬ 
tical  sensors  right  on  the  camera;  focus  and 
two  kinds  of  zoom  are  measured  by  connec¬ 
tors  to  the  existing  digital  outputs  of  the 
camera;  this  is  all  then  encoded  into  a 
modem-like  audio  stream."  www.nwdoc 
finder.com/8247 

■  Clearwire  stake  could  pierce  Google. 

The  Google  Subnet  blog  reports,  “Major 
investors  in  Clearwire,  the  new  firm  that 
plans  to  build  the  first  nationwide  high¬ 
speed  4G  wireless  broadband  network,  are 
feeling  the  pain  of  the  economic  downturn, 
big  time.  Time  Warner  and  Intel  both  re¬ 
ported  heavy  charges  due  to  their  Clearwire 
stakes,  as  shares  in  the  nascent  firm 
dropped  60%  in  just  six  months.  And  as 
MarketWatch  reports,  that  string  of  bad 
news  is  likely  to  lead  to  straight  to  another 
big  Clearwire  backer,  Google.”  www.nw 
docfinder.com/8248 


Network  management:  There  comes  a 
time  when  a  nice-to-have  tool  evolves  into  a 
must-have  technology  2009  marks  the  year 
that  several  management-focused  IT  projects 
will  move  from  the  nice-to-have  to  the  must- 
have  column  on  network  managers’  check¬ 
lists.  "IT  departments  are  going  to  find  that 
mostly  due  to  the  economy  they  will  be 
forced  to  do  many  things  they  should  have 
been  doing  all  along,"  says  Glenn  O’Donnell, 
senior  analyst  with  Forrester  Research.  "Pro¬ 
cess  improvements,  advanced  automation 
and  other  projects  will  be  pushed  up  to  the 
top  of  many  lists."  For  instance, companies 
once  considering  best  practices  frameworks 
such  as  ITIL  could  focus  IT’s  attention  on 
process  improvements  —  which  some  say 
will  deliver  benefits  without  requiring  capital 
investment.  ITIL  and  other  frameworks,  such 
as  CoBIT,  Six  Sigma  and  ISO,  do  require  large 
time  and  staff  investments,  but  not  as  many 
budget  dollars. 

www.nwdocfinder.com/8240 

SMB:  It’s  a  new  year,  so  let’s  make  some  reso¬ 
lutions.  Sure,  you  do  it  every  January  and  little 
happens,  but  this  year  will  be  different.This 
year,  the  tightening  economy  will  force  peo¬ 
ple  to  pay  more  attention,  watch  what  their 
customers  and  competitors  are  doing,  and 
look  for  an  edge.  Collaboration  will  give  you 
that  edge. You  have  phones  in  your  office  and 


in  your  pocket.You  have  texting  for  the  phone 
and  e-mail  and  instant  messaging  for  the 
computers  (if  you  can  stand  to  thumb  your 
phone  constantly  and  stay  at  your  computer 
all  the  time).  But  those  tools  are  from  the  old 
days,  and  no  longer  give  you  an  edge.Take  a 
step  back  and  look  at  how  you’re  communi¬ 
cating  (or  not)  within  the  company  If  you’re 
still  a  small  company  in  one  location, yelling 
down  the  hall  may  be  the  same  as  an  all¬ 
hands  memo.  But  since  few  small  companies 
have  a  single  location  anymore,  and  even 
those  that  do  need  to  communicate  with 
workers  at  home  and  on  the  road, you’ll  need 
to  be  connected  to  something  somewhere. 
www.nwdocfinder.com/8241 

Tech  exec:  Whew!  The  busy  season  for 
online  holiday  shopping  has  finally  ended. 
Now  it’s  time  to  analyze  the  results  and  figure 
out  how  to  handle  the  process  better  for  next 
year.  No  doubt  one  of  the  metrics  that  online 
retailers  will  be  taking  a  hard  look  at  is  shop¬ 
ping-cart  abandonment.  According  to  Mar¬ 
keting  Sherpa,59.8%  of  online  shoppers  aban¬ 
don  their  cart  without  ever  making  a  pur- 
chase.The  reasons  for  this  vary  — “I  was  com¬ 
parison  shopping, ’’“Shipping  costs  were  too 
high” —  but  doubts  about  the  Web  site’s  secu¬ 
rity  certainly  ranks  among  the  top  five  reasons 
for  cart  abandonment. 
www.nwdocfinder.com/8242 
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Looking  for  a  domain? 

More  ways  to  get  the  domain 


name  you  REALLY  want! 


New! 


new  domains ... 

When  you  search  for  a  domain  name,  our 
domain  checker  automatically  gives  you  relevant 
domain  suggestions,  ensuring  that  you  find  the 
best  domain  name  for  your  website. 


■m 


FRI 

Re 

Your 


...  or  buy  a  domain  that 
already  been  registered. 

If  the  domain  name  you  want  has  already 
been  registered,  you  can  use  our  FREE 
domain  auction  service  to  search  over 
14  million  domain  names  and  make  a  bid 
on  the  one  you  want. 


com  domains 
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Follow  these  links  to  more  resources  online 

op  25  software  errors  cause 
most  security  woes 

Most  IT  security  woes,  from  software  patching  to  cybercrime,  can  be 
traced  to  the  effects  of  25  software  programming  errors,  according  to  a 
broad  consensus  of  government  and  security  firms.  These  errors 
include  improper  input  validation,  improper  encoding  or  escaping  of  output, 
failure  to  preserve  SQL  query  structure  (SQL  injection),  and  failure  to  pre¬ 
serve  Web  page  structure  (cross-site  scripting). These  are  among  the  worst  of 
the  worst  in  the  list  of  the  Top  25,  published  this  week  by  MITRE  Corp.  and  The 
SANS  Institute,  participants  in  the  Common  Weakness  Enumeration  project 
organized  by  the  Department  of  Homeland  Security’s  National  Cybersecurity 
Division.  The  goal  of  the  three-year  project  was  not  only  to  get  industry  to 
focus  on  the  worst  software  mistakes  but  also  to  provide  a  common  vocabu¬ 
lary  to  address  them  in  both  training  and  tools.  “This  is  the  first  serious 
attempt  at  building  a  taxonomy  of  software  security  weaknesses  and  flaws 
with  an  emphasis  on  practical  application  of  identifying,  preventing  and  fix¬ 
ing  or  mitigating  the  issues  they  pose,”  said  Ivan  Arce,  CTO  at  Core  Security 
Technologies,  www.nwdocfinder.com/8252 


Microsoft  to  kick  off  2009  with  single 
security  fix.  After  being  forced  to  rush 
out  an  emergency  patch  for  its  Internet 
Explorer  browser  last  month,  Microsoft 
plans  to  release  just  one  security  update  in 
its  first  patch  release  of  2009. The  update 
will  be  a  critical  fix  for  server  and  desktop 
versions  of  Windows,  Microsoft  said  last 
week.  It  fixes  at  least  one  bug  that  could  let 
attackers  install  unauthorized  software  on 
a  victim’s  computer.  Microsoft  did  not  say 
which  bugs  it  would  be  fixing,  but  the  com¬ 
pany  has  several  to  choose  from.  In  the 
past  month,  Microsoft  has  warned  of  flaws 
in  its  WordPad  Text  Converter  and  SQL 
Server  database  software.  One  security 
researcher  also  has  claimed  that  there  is  a 
bug  in  Microsoft’s  Windows  Media  Player, 
but  the  company  has  disputed  his  findings. 
www.nwdocfinder.com/8253 

Obama  includes  broadband,  smart 
grid  in  stimulus  package.  U  S. 

President-elect  Barack  Obama  last  week 
laid  out  his  plan  for  a 
huge  economic  stimu¬ 
lus  package,  including 
a  broadband  rollout, 
an  Internet-based 
smart-energy  grid  and 
computers  for 
schools.  The  stimulus 
package  could  cost 
close  to  $1  trillion. The  president-elect 
called  the  U.S.  economic  situation  a  “crisis 
unlike  any  we  have  seen  in  our  lifetime.” 
More  needs  to  be  done  to  retrofit  America 
for  a  global  economy,  he  said. “That  means 
updating  the  way  we  get  our  electricity  by 


starting  to  build  a  new  smart  grid  that  will 
save  us  money,  protect  our  power  sources 
from  blackout  or  attack,  and  deliver  clean, 
alternative  forms  of  energy  to  every  corner 
of  our  nation.  It  means  expanding  broad¬ 
band  lines  across  America,  so  that  a  small 
business  in  a  rural  town  can  connect  and 
compete  with  their  counterparts  anywhere 
in  the  world.”  He  also  called  for  all  U.S. 
medical  records  to  be  computerized  with¬ 
in  five  years.www.nwdocfinder.com/8254 

AT&T  builds  $23M  IPv6  network  for  U.S. 
military.  AT&T  is  building  a  production- 
quality  IPv6  data  network  for  the  U.S.  Army  in 
Germany  that  will  cost  approximately 
$23  million.  IPv6  adoption  is  on  the  rise 
because  of  network  industry  predictions  that 
the  Internet  will  run  out  of  IPv4  addresses 
within  three  years.  At  that  time,  all  backbone 
and  corporate  networks  will  need  to  support 
IPv6. The  Army  is  ahead  of  the  curve  with  its 
state-of-the-art  data  network,  which  will  sup¬ 
port  its  operations  in  Grafenwoehr,  Germany 
—  the  home  of  the  7th  Army  Joint  Multi¬ 
national  Training  Center.  AT&T  is  installing 
and  testing  a  campus  data  network,  which 
will  support  Army  personnel  at  600  JMTC 
buildings.  AT&T  says  the  installation  will  be 
complete  in  January  2010. 
www.nwdocfinder.com/8255 

Big  Skype  update  coming.  Skype  will 
release  a  big  upgrade  to  its  PC  client  soft¬ 
ware  early  next  month,  making  videocon¬ 
ferencing  a  central  feature  of  the  new 
interface.  The  company  also  has  released 
a  beta  version  of  Skype  for  Google 
Android  and  other  Java-enabled  phones, 


and  said  a  version  for  Apple’s  iPhone  is  in 
the  works.  Skype  also  plans  to  increase  its 
focus  on  business  customers  this  year. 
Skype  4.0,  which  has  been  in  beta  for  sev¬ 
eral  months,  will  be  released  in  early 
February  for  PC  users,  with  an  equivalent 
for  the  Mac  OS  due  later  this  year,  accord¬ 
ing  Scott  Durchslag,Skype’s  COO. The 
update  includes  a  codec  that  can  handle 
video  and  audio  twice  as  efficiently  as  the 
current  version,  giving  smoother  video  and 
clearer  voice  calls.  Skype  4.0  will  support 
30-frame-per-second  video  for  people  on 
fast  enough  connections,  he  said.  It  also 
supports  picture-in-picture,  so  the  caller 
can  see  himself  and  the  person  he  is  call¬ 
ing  www.nwdocfinder.com/8256 

CA  to  buy  data-loss  prevention  ven¬ 
dor.  CA  last  week  announced  an  agree¬ 
ment  to  acquire  for  an  undisclosed  sum 
data-loss  prevention  vendor  Orchestria, 
boosting  the  software  maker’s  security,  pri¬ 
vacy  and  compliance  technologies.The 
acquisition,  expected  to  close  by  month’s 
end,  will  be  the  third  security  buy  for  CA  in 
as  many  months.  Company  executives  say 
Orchestria’s  DLP  technology  will  enhance 
CA’s  identity  and  access  management 
products  with  capabilities  to  control 
access  and  set  policies  based  on  a  user’s 
identity  and  role.“CA  is  traditionally  strong 
on  the  identity  management  side,  but  we 
haven’t  gone  down  to  the  data  elements 
before. This  acquisition  is  a  great  opportu¬ 
nity  for  CA  to  tie  security  all  the  way  back 
to  identity  and  better  determine  who  has 
access  to  what,”  says  Dave  Hansen,  general 
manager  of  CA’s  Security  Management 
business  unit. 

www.nwdocflnder.com/8257 

Group’s  plan  for  Inauguration  Day: 
Telework.  With  Washington,  D.C.,  residents 
bracing  for  traffic  gridlock  and  over¬ 
whelmed  public  transportation  systems  on 
Inauguration  Day  (Jan.  20),  one  advocacy 
group  is  encouraging  employers  to  let  their 
workers  telecommute.The  swearing-in  cere¬ 
mony,  parade  and  other  related  events  are 
expected  to  draw  as  many  as  4  million  peo¬ 
ple  to  Washington,  which  has  a  year-round 
population  of  about  590,000.  Some  organiza¬ 
tions  in  Washington  are  giving  employees 
the  day  off,  but  other  employers  don’t  have 
that  option,  said  Cindy  Auten,  general  man¬ 
ager  of  Telework  Exchange,  a  group  that 
advocates  for  telecommuting.  If  the  large 
crowd  estimates  prove  correct,  traffic  grid¬ 
lock  will  likely  continue  throughout  the 
week,  with  many  out-of-towners  staying  in 
Washington  for  several  days,  she  noted. 
“There  are  a  lot  of  organizations  in  the  D.C. 
area  that  can’t  just  shut  down,”  she  said. “This 
is  a  good  opportunity  to  try  teleworking.” 
www.nwdocfinder.com/8258 
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Starting  a  website 


this  year? 

Choose  the  best. 


As  the  world's  largest  web  hosting  provider,  1&1  offers  website 
plans  for  every  skill  level  and  budget.  As  a  1&1  customer,  you  are 
not  only  assured  that  your  website  is  up  and  secure,  but  you'll  also 
get  the  tools  that  you  need  to  maintain  an  innovative  web  presence. 


BEGINNER  PACKAGE 


Easy  and  affordable,  it's  the  perfect  way  to  get 
started  on  the  web.  Includes  a  domain,  website¬ 
building  tool,  photo 
gallery,  blog  and 


HOME  PACKAGE 


Whether  it's  for  a  personal  website  or  a  small 
home  business,  this  package  includes  all  the 

basics  -  2  domains, 
site-building  tools 
and  more! 


BUSINESS  PACKAGE 


Everything  you  need  for  a  successful  business 
website.  3  domains,  E-mail  Marketing  Tool,  search 
engine  optimization  tool,  search  advertising 
vouchers  and  more! 
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DEVELOPER  PACKAGE 


This  premium  web  hosting  package  gives  you  5 
domains,  300  GB  web  space,  3,000  GB  monthly 
transfer  volume,  GeoTrust  Dedicated 
SSL  Certificate  and  more! 
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£S  2009:  Palm  Pre 
leads  gadget  parade 


Microsoft  touts 
Windows  7  beta,  other 
initiatives 

BY  JOHN  FONTANA  AND  BRAD  REED 

Palm  may  have  captured  much  of  the 
Consumer  Electronics  Show  buzz  last  week 
with  its  “Pre”  touchscreen  smartphone  with  a 
new  operating  system,  but  it  was  by  no  means 
the  only  gadget  maker  attracting  attention. 

Microsoft  tried  to  make  noise,  too,  with  CEO 
Steve  Ballmer  taking  over  for  Bill  Gates  as  the 
featured  keynote  speaker.  Ballmer  let  loose 
with  perhaps  the  worst  kept  secret  of  the  week 
—  the  beta  release  of  Windows  7  —  and  he 
had  little  new  to  show  in  a  demo  that  looked 
similar  to  the  one  at  October’s  Professional 
Developers  Conference. 

Hidden  in  the  glare  around  the  client  operat¬ 
ing  system,  Microsoft  also  announced  the  beta 
of  Windows  Server  2008  R2,  which  includes  the 
Live  Migration  features  that  have  been  missing 
from  the  first  version  of  Hyper-V 

Ballmer  did  surprise  with  four  announce¬ 
ments  including  the  availability  of  Windows 
Live  Essentials, which  includes  Messenger, Mail, 
Writer,  Photo  Gallery  Movie  Maker, Toolbar  and 
Family  Safety  He  also  unveiled  a  deal  with 
Facebook  that  connects  the  social-networking 
site  and  Windows  Live,  a  partnership  with  Dell 
that  will  put  Windows  Live  Essential  and  Live 
Search  on  Dell  consumer  PCs,  and  a  partner¬ 
ship  with  Verizon  that  will  have  the  mobile 
provider  shipping  Live  Search  on  all  its  phones 
in  the  United  States. 

As  for  the  Pre,  its  front  is  all  touchscreen  with 
a  single  button.  It  slides  upwards  on  a  slight  tilt, 
to  expose  a  full  keyboard.  But  the  CES  demon¬ 
stration  was  done  entirely  using  the  touch  inter¬ 
face:  no  keyboard  or  stylus.That’s  due  in  part  to 
what  Palm  dubs  webOS,  which  the  company 
says  will  provide  easy  access  for  developers. 

One  feature  is  Synergy  a  synchronization 
program  that  automatically  pulls  contact  infor¬ 
mation  from  sites  such  as  Facebook,  and 
Google,  as  well  as  Outlook,  organizes  it  and  cre¬ 
ates  a  single  listing  in  the  Pre. The  phone  also 
offers  a  consolidated  instant  messaging  feature 
from  multiple  IM  services. 

The  phone  supports  Sprint  EV-DO,  Rev  A,  and 
comes  with  built-in  Wi-Fi  and  Bluetooth,  a 
micro  USB  port,  USB  mass  storage  support,  and 
a  3.5mm  headphone  jack.The  battery  is  remov¬ 
able  but  recharges  via  Touchstone,  a  wireless, 
magnetic  induction  charger,  similar  to  that 
used  for  electric  toothbrushes. 

Aside  from  Palm,  the  big  trend  among  gadget 
vendors  was  to  create  consumer  electronic 
devices  that  have  a  smaller  impact  on  personal 


The  Palm  Pre  generated  a  lot  of  buzz 
at  CES  last  week.  The  touchscreen 
smartphone  slides  upwards  to  expose 
a  full  keyboard. 

space  and  the  environment.  In  the  former  cat¬ 
egory,  entertainment  devices  such  as 
Samsung’s  39mm  Blu-ray  player,  Sony’s  VAIO 
Lifestyle  PC  and  Lenovo’s  ultra-lean  IdeaCentre 
A600  all-in-one  desktop  vied  to  be  the  thinnest 
devices  ever  released.  In  the  latter  category 
such  manufacturers  as  Motorola  and  Nextar 
are  making  handsets  of  recycled  plastic  bottles 
and  solar-powered  hands-free  cell  phone  kits, 
respectively  Here  are  some  highlights: 

•  Samsung’s  39mm  Blu-ray  player  and  7mm 
flatscreen:  Samsung’s  Blu-ray  player  received  a 
lot  of  attention  at  CES  so  far,  as  it  measured 
only  39mm  (or  about  1.5  inches)  thick  and  fea¬ 
tured  a  slightly  curved  top  with  a  shiny  black 
finish.  Not  to  be  outdone  in  the  thinness  realm, 
Samsung  also  released  a  flatscreen  television 
set  that  measured  a  mere  7mm  thick. 

•  Motorola’s  MOTO  W233:  On  the  greener 
side  of  things,  Motorola  released  the  MOTO 
W233  Renew,  a  cellular  phone  made  out  of 
recycled  water  bottles  and  described  by  the 
company  as  “the  world’s  first  carbon-neutral 
phone.”  The  phone,  which  will  be  available 
exclusively  from  T-Mobile,  also  received  a 
CarbonFree  Product  Certification  from  the 

See  CES,  page  38 


InBrief 


EMC  buys  parts  of  SourceLabs 

EMC  has  acquired  assets  from  SourceLabs, 
a  maker  of  support  and  management  tools 
for  Linux  and  open  source  software.  EMC's 
enterprise-focused  cloud  storage  offering 
—  a  software  platform  called  Atmos  —  is 
the  focus  of  the  acquisition,  according  to 
EMC.  One  of  its  goals  with  Atmos  is  to 
automate  the  management  of  huge  storage 
volumes  across  wide  distances,  and  provide 
auto-healing  features  to  reduce  the  time 
administrators  spend  dealing  with  little 
bugs. To  that  end,  SourceLabs  maintains  a 
repository  of  16  million  potential  bugs  in 
Linux  and  Java  and  offers  an  automated 
diagnostics  tool  that  identifies  the  reasons 
behind  system  crashes  and  other  problems. 

Encryption  top  IT  security 
initiative 

IT  security  budgets  are  increasing  in  2009  to 
consume  12.6%  of  the  entire  IT  operating 
budget,  compared  with  11.7%  in  2008, 
according  to  Forrester  Research's  survey  of 
942  IT  and  security  managers  in  North 
America  and  Europe.  Staffing  and  upgrades 
to  existing  security  technology  are  taking  up 
more  than  half  of  the  IT  security  budgets 
overall. The  survey  also  shows  20%  of  the 
available  IT  security  funding  this  year  is 
expected  to  go  to  security  outsourcing,  con¬ 
sultants  and  managed  services,  with  another 
18.5%  targeting  new  security  initiatives.  Full- 
disk  encryption  was  cited  as  the  top  client 
security  technology  to  be  piloted  or  adopted 
this  year,  along  with  file-level  encryption. 
About  a  fifth  of  the  organizations  also  said 
they  expect  to  pilot  or  adopt  data-leak  pre¬ 
vention  during  the  next  12  months. 

ForcelO,  Turin  Networks 
merging 

Data  center  switching  vendor  ForcelO 
Networks  is  merging  with  Turin  Networks,  a 
provider  of  wireless  backhaul,  Carrier 
Ethernet  and  converged  access  systems  for 
service  providers. The  merged  company, 
which  will  carry  the  ForcelO  name,  will  have 
more  than  1,300  customers  and  a  product 
portfolio  designed  to  serve  both  the  enter¬ 
prise  and  service  provider  markets  through 
existing  sales  channels.The  agreement 
between  ForcelO  andTurin  is  another  exam¬ 
ple  of  consolidation  in  the  Ethernet  switch¬ 
ing  marketplace  as  Cisco  maintains  its 
dominance  and  Juniper  ramps  up  its  pres¬ 
ence  in  the  market.  Last  year  saw  Foundry 
Networks  merge  with  Brocade,  and 
Enterasys  Networks  link  up  with  Siemens 
Enterprise  Communications. 
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Need  a  server  for  your 
small  business?  KS 

Look  no  further.  HU3 


All  1&1  Premium  Servers  include 


Introducing  1&1  Premium  Servers,  a  powerful  new  line  of 
dedicated  servers  specifically  designed  for  high  performance 
needs.  Featuring  energy  efficient  technology,  these  top-of-the-line 
machines  reduce  costs  and  environmental  impact  with  increased 
performance-per-watt. 


■  RAID 

■  Plesk  8  with  100-domain  license 

■  FTP  backup  space 

■  Serial  Console:  Connect  directly  to  the  serial  port 
of  your  server,  even  if  the  network  is  down. 

■  Recovery  Tool:  Load  rescue  image  and  reboot  server. 

■  GeoTrust  Dedicated  SSL  certificate  (a  $49  value!) 

■  Easy-to-configure  firewall  and  more! 


Dual-Core  AMD  Opteron™  1218,  2  x  2.6  GHz, 
4  GB  DDR  RAM,  2  x  500  GB  Hard  Drive 


Quad-Core  AMD  Opteron™  1356,  4  x  2.3  GHz, 
8  GB  DDR  RAM,  2  x  1,000  GB  Hard  Drive 


'Offer  valid  for  a  limited  time  only.  Prices  based  on  Linux  servers.  Discount  applied  to  first  3  months  of  a  12  month  minimum 
contract  term,  $99  setup  fee  applies.  See  www.landl  .com  for  full  promotional  offer  details.  Certain  features  not  available 
with  Managed  Servers.  Product  and  program  specifications,  availability  and  prices  subject  to  change  without  notice.  1&I 
and  the  1&1  logo  are  trademarks  of  1&1  Internet  AG,  all  other  trademarks  are  the  property  of  their  respective  owners. 

©  2008  1&1  Internet,  Inc.  All  rights  reserved. 
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FREE!* 


1&1  ENTERPRISE  SERVER  I 
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FREE!* 


1&1  ENTERPRISE  SERVER  II 


3  months 


can  1-877-GO-1AND1 

„  www.1and1.com 
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NEWS  ANALYSIS 


Where  Apple  stands  in  the  enterprise 

IPhone,  Macs  deepen  reach,  but  broadband  corporate  strategy  lacking 


BY  JON  BRODKIN 

Consumer  products  were  the  main  focus  at 
Apple’s  MacWorld  Conference  last  week,  but 
with  powerful  Macs  and  the  iPhone,  Apple 
slowly  but  surely  is  making  progress  in  the 
enterprise  technology  world. 

More  companies  are  bringing  Macs  into 
their  networks  and  increasing  support  for  the 
iPhone,  recent  surveys  show.  Macs  generally 
are  pricier  than  Windows  PCs  but  an  increas¬ 
ing  number  of  companies  are  letting  employ¬ 
ees  choose  their  own  desktops  and  many  of 
them  are  choosing  Macs,  says  Pund-IT  analyst 
Charles  King. 

“We ’re  seeing  an  increasing  number  of  com¬ 
panies  that  are  allowing  their  employees 
much  broader  latitude  in  the  computers  they 
use  for  business,”  King  says.“Personally  I’m  see¬ 
ing  more  and  more  Macs  on  the  road  when  I 
travel.” 

Several  surveys  back  up  King.  In  one  report, 
Forrester  Research  chided  Apple  for  not  hav¬ 
ing  an  enterprise  strategy  but  said  Mac  usage 
among  Forrester  clients  still  has  moved  from 
1.1%  to  4.5%  of  desktops  since  October  2006, 


By  the  numbers: 

Apple  in  the  enterprise 


Apple  has  seen  a  slow  but  steady 
growth  in  corporate  computing 
environments. 

4.5%  of  corporate  desktops  are  Macs, 
up  from  1.1%  two  years  ago. 

68%  of  enterprises  will  let  users  deploy 
Macs  in  the  next  year. 

50%  of  enterprises  will  increase  inte¬ 
gration  with  the  iPhone  and  other  Apple 
consumer  devices. 

7,403  servers  were  sold  by  Apple  in  Q3 
2008  for  revenue  of  $13  million. 

0.1%:  Apple's  server  market  share. 
SOURCES:  Forrester,  Gartner,  ITIC 


“Apple’s  singular  focus  on  user  experience 
has  resulted  in  some  success  in  the  enterprise 
—  without  even  trying  to  break  into  the  mar¬ 
ket,”  Forrester  analyst  Benjamin  Gray  wrote. 
The  success  of  the  iPhone  is  driving  desktop 
operations  professionals  to  seek  better  end-to- 
end  experiences  with  the  Mac,  and  younger 
tech-sawy  workers  are  choosing  Macs 
because  they  feel  the  Apple  computers 
enhance  productivity,  he  says. 

Macs  represent  fewer  than  one  in  20  corpo¬ 
rate  desktops,  but  more  than  two-thirds  of 
companies  responding  to  a  survey  by  ITIC 
analyst  Laura  DiDio  say  they  are  likely  to  let 
users  deploy  Macs  within  the  next  year.  Nearly 
one-quarter  of  the  700  survey  participants  had 
at  least  50  Macintoshes  in  their  organizations, 
she  writes. 

Moreover,  50%  of  ITIC  survey  respondents 
plan  to  increase  integration  with  Apple  con¬ 
sumer  products,  such  as  the  iPhone,  to  give 
users  access  to  corporate  e-mail  and  other 
applications,  DiDio  writes. 

When  the  iPhone  first  appeared,  analysts  at 

See  Apple,  page  38 


Consortium  tackles  cloud  computing 


BY  JON  BRODKIN 

Everyone’s  talking  about  building  a  cloud 
these  days.  If  the  IT  world  is  filled  with  com¬ 
puting  clouds,  however,  will  each  one  be  treat¬ 
ed  as  a  separate  island,  or  will  open  standards 
allow  them  all  to  interoperate? 

That’s  one  of  the  questions  being  examined 
by  the  Open  Cloud  Consortium  (OCC),  a 
newly  formed  group  of  universities  that  is  try¬ 
ing  to  improve  the  performance  of  storage 
and  computing  clouds  spread  across  geo¬ 
graphically  disparate  data  centers,  as  well  as 
promote  open  frameworks  that  will  let  clouds 
operated  by  different  entities  work  seamless¬ 
ly  together. 

“Cloud”  is  certainly  one  of  the  most  used 
buzzwords  in  IT  today  and  marketing  hype 
from  vendors  at  times  can  obscure  the  real 
technical  issues  being  addressed  by 
researchers  such  as  those  in  the  OCC. 

“There’s  so  much  noise  in  the  space  that  it’s 
hard  to  have  technical  discussions  sometimes,” 
says  Robert  Grossman,  OCC  chairman  and 
director  of  the  Laboratory  for  Advanced 
Computing  (LAC)  and  the  National  Center  for 
Data  Mining  (NCDM)  at  the  University  of 
Illinois  at  Chicago. 

Say  you’re  running  an  application  with  one 
cloud  provider,  such  as  Amazon. corn’s  Elastic 
Compute  Cloud  service,  and  want  to  switch  to 


another  one.  “Our  goal  would  be  that  you 
would  not  have  to  rewrite  that  application  if 
you  shifted  the  provider  of  cloud  services,” 
Grossman  says. 

The  OCC  wants  to  support  development  of 
open  source  software  for  cloud-based  comput¬ 
ing,  and  develop  standards  and  interfaces  for 
the  interoperation  of  various  types  of  software 
that  support  cloud  computing. 

OCC  members  include  the  University  of 
Illinois,  Northwestern  University  Johns  Hopkins 
University  the  University  of  Chicago,  and  the 
California  Institute  for  Telecommunications 
and  Information  Technology  (Calit2).  Cisco  is 
the  first  major  IT  vendor  to  join  the  OCC  pub¬ 
licly,  though  more  could  be  on  the  way 

The  consortium’s  key  infrastructure  is  the 
Open  Cloud  Testbed,  consisting  of  two  racks  in 
Chicago,  one  at  Johns  Hopkins  in  Baltimore 
and  one  at  Calit2  in  La  Jolla,  all  joined  with  10 
Gigabit  Ethernet  connections. 

Grossman  and  colleagues  recently  used  the 
testbed  to  measure  the  performance  penalty  in 
computation  over  wide  areas.  Grossman  says 
By  using  Sector  and  Sphere,  open  source  soft¬ 
ware  developed  by  the  NCDM  for  use  in  stor¬ 
age  and  compute  clouds,  they  were  able  to 
transport  data  about  twice  as  fast  as  Hadoop, 
an  Apache  Software  Foundation  project,  he 
says.  One  reason  for  the  speed  improvement  is 


the  use  of  the  UDT  protocol,  which  is  designed 
for  extremely  high-speed  networks  and  large 
data  sets.  Most  cloud  services  use  TCRhe  adds. 

That  project  won  the  SC08  supercomputing 
conference’s  Bandwidth  Challenge  Award. 

“Processing  data  by  clouds  today  is  almost 
always  done  within  a  single  data  center  due  to 
the  technical  challenges  of  processing  data 
across  multiple  data  centers,”  a  press  release 
announcing  the  award  states.  The  project 
“demonstrated  technology  .  .  .  that  enables 
cloud  computing  to  utilize  high-performance 
networks  and  spread  cloud  computing  across 
data  centers  to  create  wide  area  clouds.” 

The  OCC  is  just  getting  started,  having  formed 
in  mid-2008.  It  is  looking  at  the  same  technical 
issues  as  companies  like  VMware,  which  is 
developing  a  broad  operating  system  that  can 
manage  the  entire  data  center,  Grossman  says. 

The  main  idea  is  to  gather  universities  and  IT 
companies  in  a  noncompetitive  way  to 
exchange  technical  information,  hopefully 
leading  to  cloud  computing  that  is  faster,  more 
secure,  and  based  on  open  standards  and 
open  source  software. 

“I’m  not  a  marketing  gu>{’  Grossman  says. 
“This  is  really  trying  to  understand  interoper¬ 
ability  issues  that  I  still  don’t  think  are  clearly 
understood,  and  issues  about  how  you  operate 
clouds  over  wide  areas.”B 
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Network  World  launches  new  online  resources 

“IT  Product  Guides”  streamline  the  buying  process,  while  “Toolshed”  focuses  on  IT 
tools,  the  latest  gadgets  and  experts  addressing  tech  questions 


Network  World  this  week  pulled  the  wraps  off 
two  new  Web  site  resources  that  are  designed 
to  simplify  your  life,  keep  you  in  the  know  and 
help  you  solve  problems. 

IT  Product  Guides 

Our  new  IT  Product  Guides  are  threaded 
throughout  the  site  and  combine  Network 
World  articles  and  product  tests  with  detailed 
vendor  information  about  products  and 
where  they  fit  in. The  guides  cover  60  key  net¬ 
work  product  areas,  from  routers  to  collabora¬ 
tion  software  to  IP  PBXs. 

A  Quick  Glance  feature  shows  all  the  partic¬ 
ipating  vendors  in  a  given  product  category 
the  market  they  are  targeting  (small  to  large) 
and  how  the  products  compare  on  price. 
Clicking  on  any  entry  in  the  Quick  Glance  grid 
brings  up  a  brief  product  description  and  a 
link  to  in-depth  product  specifications  that 
Network  World  has  obtained  from  the  vendors. 

The  Compare  Tool  feature  lets  buyers  select 
the  most  interesting  products  to  line  up  side- 
by-side,  revealing  detailed  technical  specifica¬ 
tions  and  pricing,  while  the  Buying  Info  tab 
showcases  original  Network  World  articles 
about  the  product  category  These  articles 
address  everything  from  market  trends  to  best 
practices,  buying  tips,  technical  primers  and 
case  studies. 

Together  these  components,  along  with  a 
news  feed  of  the  latest  developments  in  each 
category,  are  designed  to  help  enterprise  IT 
buyers  make  informed  buying  decisions. 

Tool  Shed 

We  are  also  proud  to  unveil  Toolshed,  a  site 
resource  that  brings  together: 

•  Reviews  of  IT  tools  by  longtime  contributor 
Mark  Gibbs. 

•  Hands-on  reports  about  the  latest  gadgets 
by  Network  World's  Keith  Shaw. 

•  Expert  advice  from  contributors  Steve 
Blass  and  Ron  Nutter  in  what  we  call  IT  Asked 
&  Answered.  Blass,  who  has  been  working 
with  TCP/IP  networks,  systems  and  software  for 
almost  20  years,  is  an  IT  manager  and  Internet 
consultant  in  Phoenix,  Ariz.  Nutter,  who  has 
been  in  the  field  since  the  1980's,is  a  network 
engineer  on  a  team  supporting  a  national  net¬ 
work  connecting  over  45  offices-  across  the 
county 

Throughout  Toolshed  the  community  is 
encouraged  to  rate  the  tools,  gadgets  and 
advice  so  you  don’t  have  to  take  our  word 
about  the  importance  of  this  stuff.  The  com¬ 
munity  also  is  encouraged  to  weigh  in  with 
their  own  thoughts  about  the  material  dis¬ 
cussed  and  ultimately  will  be  able  post  their 
own  reviews. 

Poke  around  in  these  two  new  areas  and  let 
us  know  what  you  think. 

—  John  Dix  (jdix@nww.com) 
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The  new  IT  Product  Guides  cover  60  areas  and  offer  a  Quick  Glance  feature 
that  shows  target  products  on  a  grid  (above  left)  with  price  on  the  Y  axis 
and  network  size  on  the  X.  Clicking  on  any  dot  on  the  grid  (1)  gives  sum¬ 
mary  product  details  and  the  option  to  access  more  detailed  specifica¬ 
tions  or  a  brochure.  If  you  want  to  dive  deeper,  you  can  use  the  Compare 
Tool  feature  (2)  to  analyze  products  side-by-side,  peruse  Network  World 
product  tests,  or  find  articles  about  buying  tips  and  market  trends  (3). 
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Reader  feedback  on  ceflufar  repeaters 


The  Wolverine  Internet  radio  is  almost  good 


Reader  feedback:  DPC  fokow-up,  cell-phone 
reception 


Improving  cel  phone  reception 


Cool  Tools 

Mophie  Juice  Pack  gives  iPhone  3G  backup  power 

Atok  On  Board  portable  keyboard  deserves  spot  In 
travel  bag 

£ 

Copy  (or  erase)  lots  of  data  to  US8,  fast 
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BT-200  headset  beats  the  noise  (mostly) 
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Only  half  of  avaflabie  bandwidth  can  be  weed  ?? 


Wireieea  connection  not  working 


Getting  one  printer  to  work  with  two  computers 


Proxy  CSS 1500  Issue 
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Mophie  Juice  Pack  gives  iPhone  3G  backup  power 

ay  tfsKutot* »  t*.  tzvznoo* .  n «pm  imm 

U ***06 

The  ecoop:  Juice  Pack  for  iPhone  30,  by  Mophie.  about  $100. 

T*r  r«*r 

Whet  K  »e:  The  Juke  Pack  «  a  combination  extra  battery  pack  and  O  0 
soft  grip,  non-slip  case  with  a  built-in  iPhone  dock  connector  When 
the  iPhone  is  inserted  into  the  case,  extra  power  is  provided  by  the  case's  rechargeable 
lithium  polymer  battery.  Mophie  claims  as  many  as  360  extra  hours  of  standby  time;  as 
many  as  six  more  hours  of  talk  time  (over  3G;  as  many  as  12  hours  over  EDGE);  as 
many  as  six  hours  over  3G  of  Internet  date  use  (eeven  hours  over  Wi-Fi);  os  many  as  28 
hour*  of  audio  playback  or  eight  hours  of  video  playback  time).  The  device  can  be 
recharged  via  USB  cable,  and  it  can  be  recharged  with  the  iPhone  at  the  tame  time. 

Why  It's  cool:  Battery  life  esues  of  the  iPhone  3G  have  been  we#  documented;  heavy 
voice  and  data  usage  in  3G  areas  can  dram  the  energy  of  the  device  m  less  then  one 
workday.  Having  the  Mophie  Juice  Pack  is  a  valuable  battery  life  backup  plan  that  can 
save  you  unit)  you  can  recharge  (he  device  later.  The  fact  that  tt  also  doublet  as  an 
iPhone  case  (at  least  for  the  back  part)  » 1  nice  feature.  Blue  lights  on  the  back  of  the 
dovtce  give  an  indication  of  how  much  Juice  Is  left  on  the  Juice  Peck. 

Some  caveats:  Wow.  at  $100,  that's  a  pricy  device.  The  bulky  nature  of  the  case  also 
w*  add  extra  weight  to  your  iPhone  experience.  Personalty,  l  preferred  the  smaBer 
Which  *  half  the  pnoe  and  much  more  portable,  to 

provide  emergency  backup. 

groin  (hi*  pegs  Ffrintor  friandiy  version 


Tege: 

WraifrM/ Mobile  Atok  data  eon  tor  Juice  Pin*  for  IPhone  jq  Kensington  tnep-on  tM 
peck  Mophie  OiBoard  Travel  Keyboard  porurijia  keyboard  Wlreieet  ft  Mobile  C« 
phone*  end  smart  phones  Trawl  gear 


In  Toolshed  we  pull  together  three  things  everyone  cares  about:  IT  tools  (4), 
the  latest  high  tech  gadgets  (5)  and  advice/discussion  about  vexing  tech 
problems  (6).  Ail  three  Toolshed  resources  invite  the  community  (7)  to  rate 
the  items  being  discussed,  and  weigh  in  with  their  own  thoughts. 
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On  botnets,  encryption, 
mega-worms:  Security 
predictions  for  2009 


k  J 


RISK  &  REWARD 

Andreas  Antonopoujos 
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y  predictions  for  information  security  in 
2009  are  just  predictions,  not  recom¬ 
mendations.  I  am  trying  to  guess  what 
will  happen,  not  suggesting  what  should  hap¬ 
pen.  As  always,  take  these  with  a  grain  of  salt. 

Though  these  predictions  are  based  on  pri¬ 
mary  research  and  many  discussions  with 
CSOs,  they  concern  information  security  only 
and  can  be  affected  by  external  factors  that 
are  unpredictable  (at  least  by  me).  Case  in 
point:  My  predictions  for  2008  did  not  take  into 
account  a  severe  downturn  in  the  economy 
that  was  underway  already  at  the  beginning  of  the  year.  Let’s  hope  that 
my  2009  predictions  also  miss  the  mark  by  assuming  a  continuation  of 
economic  difficulties  that  turn  out  to  be  less  severe.  Here  goes: 

•  Host-based  security  becomes  the  focus  for  2009.The  imminent 
release  of  Windows  7  and  the  continued  interest  in  Mac  OS  and  Linux 
as  alternative  desktops  are  once  again  focusing  attention  on  operat¬ 
ing-system  and  endpoint  security 

•  Mobile  security  concerns  and  solutions  grow. The  Android  and 
iPhone  platforms  continue  to  grow,  and  with  them  comes  an  ecosys¬ 
tem  of  independent  application  developers.  With  mobile  platforms 
truly  becoming  “platforms”  for  all  kinds  of  new  applications,  security 
issues  are  not  far  behind.  2009  could  be  the  year  of  the  first  wide¬ 
spread  security  scare  on  a  mobile  platform.  Perhaps  a  rogue  applica¬ 
tion?  A  Trojan? 

•  Encryption  grows.  At-rest  encryption  of  hard  drives  on  all  desktop 
systems  becomes  the  norm.  Servers  still  lag  behind.  Encryption  of 
mobile-device  storage  starts  getting  interesting.  And  once  again  in 
2009,  it’s  still  impossible  to  send  an  encrypted  e-mail  to  someone  with¬ 
out  making  special  arrangements  in  advance.  Public-key  infrastructure 
encryption  remains  fragmented  in  small  disconnected  islands.  Ugh. 

•  No  news  is  bad  news.There  are  no  new,  high-profile,  fast-spreading 
mega-worms.  The  world  rejoices  at  the  defeat  of  malware.  Meanwhile 
super-stealthy  malware  spreads  further  than  ever  before,  and  those  in 
the  know  quietly  weep. 

•  New  botnets  are  discovered  and  they’re  bigger  than  ever. The 
malware  industry  feeds  the  ever-increasing  botnet  industry  As  usual, 
most  of  the  innovation  happens  on  the  “other”  side  of  the  industry. 
Botnet  makers  continue  to  build  incredible  distributed,  encrypted, 
anonymous,  unbreakable  command-and-control  systems. Who  said 
there  are  no  profits  to  be  made  in  2009?  If  only  BTNT  was  a  publicly 
traded  stock. 

•  Regulatory  compliance  is  back  with  a  vengeance.  All  the  scandals 
and  Ponzi  schemes  you  heard  about  in  2008  become  subtitles  for  new 
regulations  in  2009  and  beyond.  Regulations  in  hedge  funds,  credit- 
default  swaps  and  derivatives  are  just  the  beginning.  A  whole  new 
industry  of  auditors,  special  software  and  consultants  rises  up  to  meet 
the  challenge. You  thought  SOX  was  a  pain?  Just  wait. 

•  Security  projects  struggle  for  funding.  It  will  take  a  lot  of  arguing  to 
get  a  budget  for  more  than  upkeep  in  2009.  But  wait  —  regulatory 
compliance  comes  to  the  rescue:  Use  compliance  to  push  through 
budget  requests  on  everything.  It’s  2007  all  over  again! 


Antonopoulos  is  a 
senior  vice  president 
and  founding  partner  at 
Nemertes  Research,  an 
independent  technology 
research  firm.  He  can  be 
reached  at  andreas@ne 
mertes.com. 
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continued  from  page  1 

routers  with  a  single,  more  powerful  system. 

Introducing  the  ASR 

ASR  1000  series  hardware  —  which  began  shipping  last  April  and  was 
upgraded  in  November  (see  announcement  blogs  at  www.nwdocfind- 
er.com/8829)  —  has  three  components:  an  embedded  service  processor 
for  data-plane  traffic,  a  route  processor  for  control-plane  functions,  and 
one  or  more  line  cards.  The  ASR  family  includes  two-,  four-  and  six-slot 
models;  for  this  test  Cisco  supplied  the  top-of-the-line,  six-slot  ASR  1006 
with  redundant  RP  and  ESP  modules  and  power  supplies. 

The  ASR’s  most  notable  new  feature  is  its  ESP  module  with  the  40-core 
Quantum  Flow  Processor  (QFP).Through  separate  software  licenses, 
QFP  supports  numerous  services,  such  as  firewalls,  NetFlow  and  Nbar 
classifiers,  and  —  in  the  future  —  caching  load  balancers.The  ESP  mod¬ 
ule  also  offers  powerful  QoS  features,  with  128,000  queues  and  support 
for  as  many  as  1,000  global  policies  and  classification  maps. 

The  RP  module  is  functionally  similar  to  Cisco  7200  routing  modules, 
but  it  scales  higher:  a  million  Border  Gateway  Protocol  routes  and  hun¬ 
dreds  of  thousands  of  Open  Shortest  Path  First  routes  are  possible. 
Scalability  also  extends  to  the  number  of  routing  sessions:  Our  tests 
involved  hundreds  of  concurrent  OSPF  sessions,  something  we  haven’t 
been  able  to  set  up  with  earlier  midrange  Cisco  routers.  The  RP  also 
offers  an  integrated  session  border  controller  for  VoIP  traffic  and  unified 
communications. 

ASR  line  cards  use  the  same  shared  port  adapter  (SPA)  design  as  Cisco 
Catalyst  7600,  Cisco  12000  and  CRS-1  routers,  and  are  interchangeable 
among  them,  which  should  help  control  sparing  costs.The  SPA  modules 
in  turn  fit  into  SPA  interface  processor  (SIP)  line  cards. 

The  ASR’s  operating  system  is  IOS  XE,  a  Linux-based  variant  of  Cisco’s 
IOS  software.  XE  looks  and  feels  similar  to  the  IOS  software  on  7200 
routers,  but  it’s  just  another  process  running  under  Linux.  Unlike  earlier 
versions  where  a  problem  with  one  process  could  crash  the  whole  sys¬ 
tem,  this  modular  design  should  help  contain  faults. 

On  the  downside,  the  IOS  XE  command-line  interface  doesn’t  take 
advantage  of  powerful  Unix/Linux  shell  features.  Pattern  matching  of 
command  output  is  limited;  there’s  no  inline  configuration  editing;  and 
IOS  XE  does  not  accept  IPv4  addresses  entered  using  classless  inter¬ 
domain  routing  notation. 

Unicast/multicast 

We  assessed  the  ASR  with  tests  of  unicast  and  multicast  performance 
and  scalability, high  availability, and  IPSec  tunnel  capacity  (see “How  we 
did  it”  at  www.nwdocfinder.com/8230). 

In  unicast  tests,  we  put  an  emphasis  on  services  above  and  beyond 
simple  packet  blasting.  In  addition  to  enabling  OSPF  as  the  routing  pro¬ 
tocol,  we  configured  the  ASR  1006  so  that  each  of  205  subinterfaces  had 
two  103-line  access  control  lists  applied.  On  the  QoS  front,  the  routers 
classified  and  queued  as  many  as  four  traffic  types.We  also  enabled  uni¬ 
cast  reverse-path  forwarding  and  NetFlow  accounting. 

Many  routers  and  switches  use  NetFlow  to  track  tens  of  thousands  of 
flows  at  most.  The  previous  high-water  mark  in  tests  we’ve  done  was 
512,000  flows  (see  Cisco  Nexus  test  at  www.nwdocfinder.com 
/8231). 

The  ASR’s  NetFlow  cache  can  track  2  million  flows  at  one  time.  With 
even  more  flows  —  our  tests  introduced  120  million  flows  in  as  little  as 
12  seconds  —  the  ASR  will  simply  do  “emergency  aging”  of  older  flows 
with  no  performance  penalty  This  is  with  full  NetFlow  monitoring;  larg¬ 
er  numbers  of  flows  could  be  monitored  using  sampling  techniques. 

We  also  ran  OSPF  on  a  large  scale,  in  terms  of  session  count  and  rout¬ 
ing-table  size.  Cisco  configured  OSPF  to  run  on  205  subinterfaces  —  20 
on  each  of  10  1-gigabit  interfaces  and  five  on  one  10-gigabit  interface. 
In  contrast,  many  enterprise  routers  run  one,  or  at  most  a  handful  of 
OSPF  adjacencies. 

We  advertised  routes  to  300,000  networks  to  the  10G  Ethernet  subin¬ 
terfaces  and  20,000  more  routes  on  the  Gigabit  Ethernet  side.  For  con- 


NETRESULTS 


Product  Cisco  ASR  1006 

Vendor  Cisco 

www.cisco.com 

Price  $250,400  as  tested 

Pros  Lengthy  list  of  packet  inspection  and  classifi¬ 

cation  features;  strong  multicast  and  IPSec 
performer. 

Cons  6:f  oversubscription  with  current  hardware; 

Linux-based  operating  system  doesn't  take 
advantage  of  Unix/Linux  features. 

Score  4.38 


SCORECARD 


Action  Weight 

Unicast  and  multicast 

performance  25%  4 

High  availability  and  resiliency  25%  4.5 

IPSec  tunnel  capacity  25%  4.5 

Features  25%  4.5 

Total  score  4.38 

Scoring  key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average;  1: 
Subpar  or  not  available. 


text,  consider  that  the  largest  production  OSPF  networks  in  North 
America  handle  OSPF  databases  of  50,000  routes. 

Even  with  these  conditions,  the  ASR  delivered  line-rate  performance 
with  midsize  and  large  packets  (see  “Tracking  Cisco  ASR  1006  perform¬ 
ance  numbers,”  page  18). 

With  minimum-length  64-byte  Ethernet  frames,  the  ASR’s  through¬ 
put  topped  out  at  around  10.4  million  packets  per  second  (mpps), 
or  around  35%  of  line  rate.That’s  slightly  higher  than  the  ESP20  mod¬ 
ule’s  rated  capacity  of  10  mpps,  but  this  number  and  the  line-rate 
numbers  with  midsize  and  large  packets  represent  system  limits. 

Cisco  supplied  the  ASR  1006  with  SPAs  in  three  of  its  12  slots.  Adding 
more  ports  won’t  increase  aggregate  bandwidth  or  packet-per-second 
performance,  at  least  not  with  current  hardware;  20Gbps  throughput  and 
10.4  mpps  is  as  fast  as  current  ESP  modules  go. Thus,  oversubscription  of 
as  much  as  6:1  is  possible  with  current  line  cards  and  ESP  modules. 
That’s  not  necessarily  a  showstopper  —  many  enterprises  never  come 
anywhere  close  to  fully  utilizing  a  fully  loaded  ASR  1006  —  but  it  is 
something  to  bear  in  mind  when  planning  capacity 

Average  unicast  latency  was  low  and  consistent  with  small  and  large 
packets,  but  jumped  up  into  the  millisecond  range  with  mid-length 
packets  —  a  significant  delay  even  in  a  WAN  context.  Cisco  notes  that 
delay  is  far  lower  (around  88  microsec)  with  an  offered  load  just  1% 
less  than  the  throughput  rate. 

When  it  handled  multicast  traffic  —  important  for  video  and  collabo¬ 
rative  applications  —  the  ASR  turned  in  excellent  numbers.  In  our  tests, 
emulated  hosts  on  200  subinterfaces  joined  200  multicast  groups,  each 
of  which  had  50  transmitters  on  one  10G  Ethernet  interface.  Running 
protocol-independent  multicast-sparse  mode,  the  ASR  router  thus  had 
to  replicate  incoming  packets  from  50  sources  200  times,  for  a  total  of 
10,000  multicast  routes. 

The  router  forwarded  multicast  packets  of  all  three  sizes  at  line  rate. 

See  Cisco,  page  18 
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Tracking  Cisco  ASR  1006  performance  numbers 

Cisco’s  new  router  proved  itself  a  formidable  replacement  for  the  company’s  7200 
series  in  our  exclusive  tests,  where  it  moved  traffic  at  20Gbps  while  running  QoS, 
security  and  monitoring  functions  on  120  million  flows  from  hundreds  of  concurrent 
routing  sessions.  It  also  showed  itself  to  be  a  capable  performer  when  handling 
multicast  and  IPSec  VPN  traffic. 


Packet  size 

Theoretical  maximum 

ASR  throughput 

Average  latency 

Maximum  latency 

(bytes) 

(packets/second) 

(packets/second) 

(microsec) 

(microsec) 

UNICAST  PERFORMANCE  (295  OSPF  SESSIONS,  320,000  ROUTES) 

64 

29,761,904 

10,416,667 

28.17 

1,235.25 

256 

9,057971 

9,057,971 

1,159.47 

3,697.46 

1,518 

1,624,432 

1,624,432 

132.95 

703.66 

MULTICAST  PERFORMANCE  (10,000  MROUTES  //M  ok  in  this  word?//) 

64 

74,405 

74,405 

84758 

2,007.84 

256 

22,645 

22,645 

859.51 

2,027.21 

1,518 

4,064 

4,064 

995.9 

2,270.33 

IPSEC  TUNNEL  CAPACITY  (2,000  CONCURRENT  TUNNELS) 

64 

14,880,952 

2,083,333 

115.37 

173.23 

256 

4,528,986 

1,851,384 

133 

181.19 

1,400 

812,744 

712,216 

187.54 

216.2 

64  (crypto);  1518 

3,505,635** 

3,505,635** 

667.9 

2252.48 

(Cleartext,  ‘Replicated  to  200  subinterfaces,  so  forwarding  rate  is  200  times  higher, 

bidirectional)  **  Fully  utilizes  all  available  bandwidth  in  both  directions. 
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Latency  was  significantly  higher  than  that  of 
unicast  traffic,  mainly  because  of  replication 
and  “fanout”  (the  number  of  destination  inter¬ 
faces).  However,  the  multicast  delay  numbers 
are  generally  in  line  with  other  high-end 
switches  and  routers  we’ve  tested. 

SPSec  tunnel  capacity 

We  also  validated  the  ability  of  the  ASR 
1006  to  handle  2,000  concurrent  IPSec  tun¬ 
nels,  fielding  both  encrypted  and  a  mix  of 
encrypted  and  cleartext  traffic.  We  connect¬ 
ed  a  pair  of  ASR  1006s  using  a  Cisco 
Catalyst  7604  as  an  intermediate  router.  One 
ASR  emulated  a  headquarters  router  at  a 
large  enterprise,  and  the  other  emulated 
2,000  remote  sites. 

We  offered  cleartext  frames  from  Spirent 
Communications’  TestCenter  from  the 
remote  sites  bound  for  headquarters  net¬ 
works,  and  used  a  packet  sniffer  to  verify 
that  the  ASRs  put  all  traffic  into  2,000 
unique  IPSec  tunnels.  As  is  common  with 
tests  of  security  devices,  throughput  was  sig¬ 
nificantly  lower  than  that  of  cleartext  traffic 
alone  because  of  the  extra  processing 
required  for  encryption  and  authentication. 

Throughput  for  64-,  256-  and  1400-byte 
frames  was  equivalent  to  14%,  41%  and  81% 
of  line  rate,  respectively  —  far  lower  than 
the  line-rate  results  we  saw  for  midsize  and 
large  packets  in  the  unicast  tests. 

Lower  crypto  performance  doesn’t  mean 
lower  overall  performance,  however.  We  re¬ 
tested  IPSec  with  a  mix  of  encrypted  and 
cleartext  traffic.  This  time,  aggregate 
throughput  was  essentially  line  rate  in  both 
directions.  This  suggests  that  enabling 
encryption  won’t  cause  a  performance 
penalty  for  other  traffic. 

Cisco  noted  that  the  upgrade/downgrade 
times  were  a  result  of  not  using  redundant 
interfaces  in  this  test.  We  agree  that  adding 
redundancy  would  mitigate  or  eliminate 


downtime  caused  by  SIP  module  software 
changes.  In  addition,  we  conducted  the  high- 
availability  tests  with  64-byte  frames  offered 
at  the  throughput  rate;  downtime  would  have 
been  lower  with  less  heavy  traffic  loads. 

High  availabilty 

We  assessed  high-availability  and  resiliency 
features  with  four  sets  of  failover  and  software 
installation  tests.  Because  the  ESP  and  RP 
modules  directly  handle  packets,  we  conduct¬ 
ed  separate  failover  tests  of  each.  Failover  was 
virtually  instantaneous  with  both:  The  ESP 


module  dropped  408  packets  out  of  more  than 
600  million  offered,  for  a  cutover  time  of  39 
microsec.  The  RP  modules  failed  over  perfect¬ 
ly:  They  dropped  zero  packets  in  the  transition 
from  active  to  standby  modules  (see  High 
availability  chart  below). 

The  Cisco  7200  seemed  very  powerful  when 
Cisco  introduced  it  around  a  decade  ago,  with 
what  seemed  at  the  time  like  a  speedy  CPU 
and  a  decadent  256MB  of  RAM.  In  the  same 
way  the  40  cores  of  today’s  ASR  1000  seem 
extravagant  today  Nevertheless,  as  enterprises 
look  to  replace  their  aging  7200s  —  and  per¬ 
haps  consolidate  many  of  them  onto  a  single, 
more  powerful  platform  —  the  ASR  1000  series 
represents  a  promising  option. 

Newman  is  president  of  Network  Test,  an  inde¬ 
pendent  test  lab  in  Westlake  Village,  Calif.  He  can 
be  reached  at  dnewman@networktest.com. 
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Testing  the  ASR  1006  high-availability  measure 

In  failover  tests  of  the  ESP  and  RP  modules  included  in  the  ASR  1006  router  we 
tested,  failover  was  virtually  instantaneous,  with  both  having  near-zero  packet 
loss.  In  our  software  upgrade  and  downgrade  tests,  the  time  lapse  is  attributable  to 
the  fact  that  the  SIP  modules  were  not  redundant. 


Test  case* 

Theoretical  maximum 
packets  forwarded 

ASR  packets  received 

Cutover  time  (seconds) 

ESP  failover 

624,995,319 

624,994,911 

0.000039 

RP  failover 

3,123,828,240 

3,123,828,240 

0 

In-service  soft¬ 
ware  upgrade 

31,568,109,086 

26,729,293,423 

541.95 

In-service  soft¬ 
ware  downgrade 

31,567,036,778 

27,302,385,008 

477.64 

‘All  high-availability  tests  run  with  64-byte  packets  offered  at  throughput  rate. 
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Crystal  ball 

continued  from  page  1 

Microsoft’s  battle  vs.  Google  to  attract  enter¬ 
prise  users  of  online  productivity  applications. 

Just  released  online  versions  of  Exchange 
and  SharePoint,  two  of  Microsoft’s  most  popu¬ 
lar  infrastructure  servers,  also  are  expected  to 
make  waves.  “Exchange  Online  could  be  a 
sleeper  product,”  says  Peter  O’Kelly  principal 
analyst  with  O’Kelly  Consulting. 

It  will  be  a  big  year  for  virtualization  at 
Microsoft,  too. With  its  Hyper-V  hypervisor  firmly 
on  IT’s  radar  as  part  of  Windows  Server  2008, 
and  the  recession  now  official  and  reinforcing 
virtualization’s  cost-saving  benefits,  Microsoft 
will  deploy  a  full-court  press  in  order  to  make 
its  case  that  Hyper-V  was  worth  the  wait. 

On  the  desktop  front,  Microsoft  will  spend 
less  time  trying  to  convince  people  that  Vista  is 
a  good  operating  system  with  a  bum  rap  and 
more  time  moving  on  to  the  slick  user-inter- 
face  enhancements  and  IT  benefits  of  Win¬ 
dows  7.  Central  to  the  effort  is  Steven  Sinofsky, 
who  made  his  name  stamping  out  versions  of 
Office  before  taking  over  the  Windows  team. 
Sinofsky  will  deliver  the  first  feature-complete 
beta  version  of  Windows  7  in  early  2009,  and 
then  the  industry  chatter  will  reach  a  fever 
pitch  as  to  its  merits  and  whether  Sinofsky  can 
deliver  a  final  version  before  year-end. 

Also  on  tap  is  a  new  version  of  Office 
Communications  Server  (OCS),due  to  ship  in 
February  Microsoft  wants  nothing  less  than  to 
drive  the  PBX  into  software.  With  some  shaky 
players  on  the  traditional  telecom  side,  includ¬ 
ing  partner  Nortel,  the  time  could  be  ripe  for  a 
big  strategic  push  given  that  OCS  2007  R2  is 
slated  to  ship  with  features  that  will  eliminate 
the  need  for  on-premises  gateways  to  handle 
VoIP  calls. 

VMware  eyes  data-center  dominance 

VMware  is  still  the  top  player  in  the  hypervi¬ 
sor  market,  but  this  year  the  company  will 
move  far  beyond  its  original  focus  of  virtualiz¬ 
ing  x86  servers. 

VMware  is  “no  longer  a  virtualization  com¬ 
pany  says  Forrester  Research  analyst  Frank 
Gillett,who  adds  thatVMware’s  current  focus  is 
providing  tools  that  unlock  the  potential  of  vir¬ 
tualization,  providing  greater  flexibility  in  the 
data  center,  improved  disaster  recovery  and 
high  availability 

VMware  is  banking  much  of  its  success  on 
Virtual  Datacenter  Operating  System  (VDC- 
OS),a  forthcoming  software  platform  that  will 
aggregate  not  only  virtualized  servers  but  also 
storage  and  network  resources  into  one  big 
computing  pool  that  can  then  be  deployed  to 
virtual  machines  and  applications. 

Convincing  enterprises  that  VMware 
deserves  a  commanding  role  in  the  data  cen¬ 
ter  will  not  be  an  easy  task,  however.  VMware 
software,  even  the  upcoming  VDC-OS,  man¬ 
ages  only  virtual  resources.  Physical  servers 
that  aren’t  running  VMware’s  hypervisor  are 
left  out.  Secondly,  VMware  manages  only 


Juicy  predictions 

Among  the  slew  of  2009  predictions,  forecasts,  musings  and  warnings  cir¬ 
culating  in  the  IT  industry,  here  are  some  of  the  most  interesting  tidbits 


•  IT  pros  turn  bad:  Cybercrime  will  continue  to  escalate  —  and  an  increasing  number  of 
unemployed  IT  professionals  will  join  in,  predicts  security  vendor  Finjan. 

•  Cloud  ambitions  spur  deals:  Continued  growth  in  cloud  computing  will  lead  Google  to 
acquire  Salesforce.com  or  another  software-as-a-service  applications  ecosystem  — 
and  Cisco  will  think  about  doing  the  same,  predicts  IDC. 


•  Social  networking  unravels:  The  fallout  from  restricted  IT  budgets  will  include  the 
postponement  or  cancellation  of  all  but  the  most  ROI-promising  social  networking  and 
Web  2.0  projects,  says  Vince  Kellen,  senior  consultant  at  Cutter  Consortium. 

•  Sun  gets  eclipsed:  Sun  Microsystems  will  find  a  new  CEO  to  replace  Jonathan 
Schwartz,  and  the  company  itself  will  be  acquired  or  go  private,  asserts  IDG  News 
Service  (a  Network  World  affiliate). 

•  Management  market  shrinks:  BMC  Software  or  CA  will  be  snapped  up  by  a  software 
vendor  like  Microsoft,  Oracle  or  SAP  that  needs  to  fill  out  its  management  tool  set. 
Another  possible  suitor  is  Cisco,  which  is  said  to  be  eyeing  BMC’s  data-center  automa¬ 
tion  tools  for  its  forthcoming  blade  server. 


•  AOL  gets  unloaded:Time  Warner  will  spin  off  America  Online  as  a  separate  company, 
sell  it,  or  use  it  as  the  basis  of  a  joint  venture  formed  with  another  company,  IDG  News 
Service  predicts. 


servers  virtualized  by  its  own  hypervisor. 

VMware  argues  that  the  adoption  rate  of 
Hyper-V  and  other  hypervisors  is  so  low  that 
managing  them  is  not  worth  expending 
VMware’s  R&D  resources. ‘As  of  today  manag¬ 
ing  the  other  hypervisors  doesn’t  represent  a 
big  enough  market  opportunity  for  us,”  says 
Bogomil  Balkansky  VMware  senior  director  of 
product  marketing. 

But  Gillett  says  he’s  interested  to  see  whether 
VMware  ultimately  relents  and  offers  manage¬ 
ment  tools  for  both  virtual  and  physical 
servers,  and  for  other  hypervisors.  Gillett  notes 
that  Microsoft  is  trying  to  position  itself  as  a 
better  alternative  than  VMware  when  it  comes 
to  interoperability 

Meanwhile,  VDC-OS  isn’t  VMware’s  only 
focus  in  2009.The  company  also  is  planning  to 
boost  its  desktop  virtualization  capabilities 
and  roll  out  vCloud, which  will  help  customers 
connect  their  own  data  centers  to  those  of 
external  providers,  making  cloud  data  centers 
appear  as  a  natural  extension  of  an  enter¬ 
prise’s  own  resources. 

Cisco  plots  blade  server,  security  moves 

Cisco’s  big  plans  for  this  year  include  deliv¬ 
ering  a  “Big  Bang”  in  switching,  blade  servers 
for  the  data  center,  high-definition  Tele- 
Presence  conferencing  for  the  home,  and  a 
security  plan  for  virtualized  and  cloud-com¬ 
puting  environments. 

Cisco’s  switching  upgrade  will  emerge  this 
month  and  encompass  more  than  just  the 
Catalyst  6500,  as  initially  expected.The  empha¬ 
sis  on  Big  Bang,  the  code  name  for  the  switch¬ 


ing  upgrade,  will  be  green  and  apply  to  Cisco’s 
entire  switching  portfolio,  says  Marie  Hattar, 
vice  president  of  network  systems  and  securi¬ 
ty  solutions  at  Cisco. 

Meanwhile,  Cisco  is  reportedly  developing  a 
blade  server  offering  that  will  compete  with 
IBM,  HP  and  Dell  systems  deployed  for  years 
within  data  centers.  IBM  and  HP  have  been 
longtime  partners  of  Cisco,  but  observers  say 
those  relationships  will  be  strained  if  Cisco 
offers  its  own  blade  server  system. 

Analysts  say  Cisco’s  data-center  ambitions 
will  accelerate  in  2009  and  underscore  the 
company’s  intentions  to  become  more  of  an 
overall  IT  vendor. 

“Can  they  really  make  the  credible  transition 
to  an  IT  vendor  from  a  networking  vendor?” 
asks  Zeus  Kerravala  of  The  Yankee  Group.“That 
is  their  absolute  biggest  challenge  because 
that  gets  them  into  a  whole  different  set  of  buy¬ 
ing  criteria.” 

Also  on  tap  for  2009  from  Cisco  are  security 
strategies  for  particular  areas  of  data-center 
computing  —  including  user  endpoints,  virtu¬ 
alized  devices  and  network  elements  —  as 
well  as  a  broad  architecture  for  safeguarding 
data  centers  and  cloud-computing  environ¬ 
ments,  Hattar  says. 

“I  expect,  in  early  ’09,  Cisco  will  finally  artic¬ 
ulate  a  cloud  strategy’  adds  Rob  Whiteley  of 
Forrester  Research.  “By  the  end  of  ’09  I’m 
expecting  to  see  Cisco  put  more  skin  on  the 
game  with  their  own  service  offering.” 

Juniper  redoubles  enterprise  efforts 

Juniper  plans  to  stay  the  course  in  2009  — 
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stick  hard  and  fast  to  its  high-performance  net¬ 
working  mantra,  invest  in  areas  where  cus¬ 
tomers  can  lower  total  cost  of  ownership,  and 
not  be  distracted  by  trendy  markets  such  as 
ivideo,  collaboration  and  wireless  LANs. 

“We  will  spend  money  on  making  sure  [cus¬ 
tomers  are]  secure;  where  they  can  drive  TCO 
Nexus  7000  and  Catalyst  6500  in  data-center 
switching. 

But  the  jury  is  still  out  on  Juniper  and  its 
prospects  in  the  enterprise. 

“Juniper  [needs  to]  establish  credibility  in  the 
enterprise, “Yankee  Groups  Kerravala  says.“They 
are  certainly  credible  in  the  security  space,  but 
in  overall  networking,  they’re  a  relatively  new 
entrant  in  switching  [and]  they  really  don’t  have 
a  very  broad  portfolio.” 

Security  vendors  forego  “old  school”  ways 

For  security  vendors,  the  big  news  in  2009  will 
be  a  shift  away  from  traditional  signature-based 
virus  scanning  as  use  of  behavior-based  detec¬ 
tion  and  reputation  analysis  grows. 

Signature-based  scanning  is  “static,  old  school,” 
says  Jerry  Egan,  director  of  product  manage¬ 
ment  at  Symantec’s  security  technology  and 
response  division.  With  12,000  new  malware 
specimens  each  day  to  detect  and  eradicate, “we 
think  that  technique  is  reaching  the  end  of  its 
useful  life,”  Egan  says. 

While  Symantec  isn’t  quite  ready  to  jettison 
signature-based  detection,  the  coming  year  is 
going  to  see  a  shift  toward  other  antimalware 
techniques,  including  behavior-based  protec¬ 
tion,  heuristics  such  as  examining  good  and  bad 
file  characteristics,  reputational  analysis,  and 
even  whitelisting  and  blacklisting  to  allow  or  dis¬ 
allow  code  to  run,  Egan  says. 

The  view  about  signature-based  detection  is  not 
so  different  at  Kaspersky  Lab  and  Trend  Micro. 

“Our  experience  is  that  there  has  been  a  700% 
increase  this  year  over  last  year  alone  in  malware,” 
says  Peter  Beardmore,  senior  product  marketing 
manager  at  Kaspersky  Lab.“This  is  absolutely  chal¬ 
lenging  the  traditional  approach  to  signatures.” 


Trend  Micro’s  new  approach,  now  in  beta,  is  to 
put  signature  patterns  “in  the  cloud,”  where  they 
are  queried  by  computers  protected  with  its 
agent-based  software. 

McAfee,  too,  has  begun  a  shift  to  cloud-based 
malware  detection,  and  sees  behavior-based 
detection  as  a  good  augmentation  as  well.  Still, 
“signature-based  recognition  will  always  be  part 
of  security  technologies,”  says  Dave  Marcus, 
director  of  security  research  and  communica¬ 
tions  at  McAfee. 

Avaya  centers  on  unified  communications 

For  Avaya,  2009  could  solidify  the  company’s 
top  spot  on  the  UC  sales  charts,  putting  it  in  the 
best  position  to  reap  even  more  as  the  world 
economy  improves  in  the  years  following,  indus¬ 
try  experts  say 

In  its  favor  are  that  the  company  is  privately 
held,  has  been  at  work  streamlining  and  has 
installed  key  executives  to  carry  out  well-formed 
plans.  The  downside  is  that  it  faces  formidable 
competitors  —  Alcatel-Lucent,  Cisco,  Nortel, 
Siemens,  IBM,  Microsoft  —  that  are  equally  hun¬ 
gry  and  have  different  pedigrees  that  may  give 
them  an  edge. 

The  company  started  down  a  new  path  under 
CEO  Lou  D’Ambrosio,  who  oversaw  Avaya’s  pur¬ 
chase  by  Silver  Lake  Partners  in  2007  and  chart¬ 
ed  a  course  to  overhaul  it.  The  plan  called  for 
doing  better  by  being  more  efficient  internally, 
shifting  toward  indirect  sales,  and  focusing  more 
on  software  and  less  on  hardware. 

Execution  of  that  plan  has  continued  under 
interim  CEO  Charles  Giancarlo,  who  replaced 
D’Ambrosio  when  he  resigned  for  health  rea¬ 
sons  in  June  2008.  A  permanent  replacement, 
Kevin  Kennedy,  took  over  this  month.  ■ 

■  Read  more  online,  including  our 
2009  forecasts  for  outsourcing  and 
retail  data  security,  at  www.nwdoc 
finder.com/8239. 


The  wizardry  of  Oz 


All  eyes  will  be  on  Ray  Ozzie,  Microsoft's  chief 
software  architect,  now  that  Bill  Gates  has 
retired.  Ozzie  had  a  winner's  grin  last  October 
when  he  introduced  Azure,  Microsoft's  cloud 
operating  system  two  years  in  the  making.  Now, 
he  must  define  the  platform,  fill  in  its  gaps  and 
convince  developers  to  get  behind  it. Then  he  has 
to  cement  Microsoft's  story  around  software- 
plus-services.  It  is  no  less  than  a  generational 
shift  for  Microsoft,  and  2009  should  set  the  tone 
for  Ozzie's  legacy. 
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he  CAN-SPAM  Act  as  a  warning 


It  is  widely  expected  that  the  new  Congress 
and  administration  will  be  passing  a  lot  of 
regulations  to  deal  with  all  sorts  of  per¬ 
ceived  problems.  It  may  be  that  the  5-year-old 
CAN-SPAM  Act  is  one  of  the  better  examples  of 
what  not  to  do  as  far  as  regulations  go. 

When  it  was  passed,  the  act  (official  name: 
Controlling  the  Assault  of  Non-Solicited 
Pornography  and  Marketing  Act)  was  touted  — 
by  the  politicians  at  least  —  as  a  tool  to  help 
control  the  growth  of  spam.  Few  of  us  in  the 
tech  world  thought  it  would  do  any  good,  and 
the  general  feeling  was  that  it  was  actually  designed  to  legitimize  unso¬ 
licited  e-mail. 

Back  in  October, Network  World's  Carolyn  Duffy  Marsan  reviewed  the 
legislation  (see  www.nwdocfinder.com/8227)  and  asked, “What  went 
wrong?”  Her  story  did  a  good  job  of  covering  the  act  and  its  status  as  a 
failure.lt  may  be,  however,  that  some  important  lessons  were  more  hint¬ 
ed  at  than  articulated. 

The  most  important  lesson  is  to  not  let  the  industry  you  are  claiming 
to  regulate  write  the  regulations.  The  CAN-SPAM  Act  was  written  to 
legitimize  the  business  of  spam,  and  it  was  written  to  satisfy  the  spam¬ 
mers  themselves.  A  spam-related  regulation  that  really  was  aimed  at 
providing  relief  for  Internet  users  would  have  started  with  an  opt-in 
requirement  —  an  opt-in  requirement  that  did  not  have  an  exemption 
for  a  theoretical  previous  business  relationship. 

The  next  most  important  lesson  is  to  give  enforcement  to  somebody 
who  cares.  The  Network  World  story  reported  that  as  of  a  year  ago,  the 
Federal  Trade  Commission  had  brought  about  30  law-enforcement 


actions.  In  the  face  of  more  than  100  billion  spam  messages  per  year, 

30  actions  barely  qualify  as  a  pinprick.  It  is  clear  that  the  FTC  either 
does  not  care  about  the  law  or  has  actively  decided  it  should  ignore 
spam.  (Along  the  same  line,  it  might  not  be  a  good  thing  for  federal  reg¬ 
ulations  to  override  stronger  state  regulations.) 

Yet  another  important  lesson  is  that  legislation  should  address  the 
people  who  benefit  from  bad  behavior.  A  far  more  effective  antispam 
act  would  have  gone  after  the  companies  using  spam  to  advertise  their 
wares  and  services,  as  well  as  the  ISPs  supporting  the  spammers. 

Having  an  antispam  act  that  really  was  designed  to  fight  spam  would 
not  have  stopped  it,  but  in  looking  at  what  happened  when  McColo 
was  taken  down  last  November  (see  www.nwdocfinder.com/8228),  one 
can  see  what  could  have  happened  if  there  had  been  a  concerned 
enforcement  agency  and  a  law  that  went  after  spam  supporters. 

Government  regulations  all  too  frequently  do  far  more  damage  than 
good  —  as  the  CAN-SPAN  Act  did. Thus  it’s  often  better  not  to  regulate 
—  but  in  view  of  the  lessons  from  the  banking  and  too  many  other 
crises,  not  regulating  essentially  is  a  non-option. 

So,  I  expect  the  Obama  crowd  will  have  plenty  of  chances  over  the 
next  few  years  to  do  better  than  CAN-SPAM.  How  well  they  do  will  be  a 
good  indicator  of  the  relative  strengths  of  the  impulse  to  do  something 
good  for  Internet  users  and  the  impulse  to  do  something  good  for  well- 
heeled  lobbyists  promising  campaign  donations. 

Disclaimer:  I  know  of  no  university  position  on  the  CAN-SPAM  Act  or 
on  the  altruism  of  the  lobbyists  who  helped  shape  it,  so  the  above  is 
my  own  set  of  lessons  to  be  learned. 

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


NET  INSIDER 

Scott  Bradner 


An  accuracy  check  on  last  year’s  predictions 


Seems  like  January  2008  was  a  long  time 
ago  —  and  maybe  that’s  a  good  thing.  On 
the  bright  side,  a  historic  presidential  elec¬ 
tion  definitively  broke  the  mold  of  “old  white 
guys”  battling  it  out.  But  then  there  was  the 
global  financial  meltdown,  the  worst  terrorist 
attack  since  9/1 1,  and  across-the-board  layoffs 
in  the  tech  industry  Overall,  most  of  us  are  pret¬ 
ty  happy  last  year  is  over. 

Here’s  a  look  at  how  well  Eye  on  the  Carrier 
was  able  to  call  some  of  the  most  significant 
developments  of  2008. 

•  Bandwidth  appetite  skyrockets.  Check.  In 
2008,  Nemertes  Research  benchmarked  antici¬ 
pated  enterprise  bandwidth  increases  at  99%  —  meaning  the  typical 
enterprise  telecom  manager  believes  bandwidth  requirements  will 
essentially  double  over  the  next  12  months.  Budgets  are  flat  to  declin¬ 
ing,  however,  so  IT  execs  are  seeking  creative  ways  to  meet  the  band¬ 
width  craving  —  from  low-cost  carrier  Ethernet  services  to  WAN  opti¬ 
mization  products. 

•  Unified  communications  takes  off.  I’ll  give  myself  half  a  point  on 
this  one.  While  virtually  all  the  enterprise  organizations  I’ve  worked 
with  are  assessing  their  UC  strategies,  real  investment  in  this  area  will 
likely  wait  until  2009  or  even  2010  (see  next  week’s  predictions).  Not 
to  get  too  Clintonian  here,  but  it  all  comes  down  to  the  definition  of 
“takes  off.” 

•  Hosting  and  outsourcing  goes  mainstream.  Another  solid  hit.  We’ve 
seen  a  dramatic  uptick  in  the  deployment  of  managed  services  (67% 
of  folks  Nemertes  benchmarked  say  they’re  using  some  flavor  of  man¬ 
aged  services).  Last  year  I  predicted:  “Companies  such  as  Equinix  that 
capitalize  on  these  trends  are  having  a  booming  year  —  expect  it  to 
continue.”  Well,  although  Equinix  has  had  a  rocky  year  —  who  hasn’t? 
—  the  firm  ended  the  year  fairly  solidly  and  remains  a  market  darling, 
with  “outperform”  ratings  from  financial  folks  like  Wachovia. 


EYE  ON  THE 

CARRIERS 

Johna  Till  Johnson 


•  Video  ratchets  up.  OK,  this  was  a  safe  call  —  we’ve  seen  major 
enterprises  ink  deals  with  players  such  as  Cisco  and  AT&T  that  offer 
telepresence  solutions.  But  there’s  more  to  come:  watch  for  travel 
restrictions  to  drive  the  use  of  these  systems  up  sharply  in  2009. 

•  Wireless  data  explodes.Yup.  Reuters  calls  2008  a  “banner  year”  for 
wireless  data  —  and  virtually  all  my  enterprise  clients  have  seen  wire¬ 
less  data  as  one  of  the  few  line  items  that  continues  to  increase  sharply 
in  IT  budgets.The  iPhone  has  driven  demand  for  —  and  acceptance  of 
—  high-bandwidth  applications,  like  TV  and  video  over  wireless. 

Last  but  not  least,  I  predicted  that  2008  would  see  “a  wholesale 
reshaping  of  the  telecom  industry’  I’m  not  sure  how  to  rate  this  one. 
The  industry  certainly  feels  very  different,  with  carrier  Ethernet  threat¬ 
ening  MPLS’  dominance,  broadband  wireless  becoming  a  real  alterna¬ 
tive,  and  VoIRUC  and  multimedia  communications  beginning  to  take 
off.  But  there  hasn’t  been  a  major  consolidation  or  change  in  players 
(other  than  Sprint’s  continued  slow  decline).  So  leaving  that  one  aside, 
my  performance  on  verifiable  predictions  is  4.5  out  of  5  —  or  90%.  Not 
too  shabby  For  a  peek  at  what’s  ahead  in  ’09,  stay  tuned. 

Johnson  is  president  and  senior  founding  partner  at  Nemertes 
Research,  an  independent  technology  research  firm.  She  can  be  reached 
at  johna@nemertes.com. 


WAN  &  branch  office  ITRoadmap 
strategies  conference  &  expo  I 

Learn  more  about  this  track,  the  IT  solutions  expo  plus  nine 
other  key  topics  at  IT  Roadmap.  ITR  visits  New  York  City, 
Denver  and  Chicago  in  early  2009.  Register  and  qualify  to 
attend  free. 

www.nwdocfinder.com/8226 
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SunGard  Availability  Services  help  your  business  move  forward  with 
the  most  advanced  and  widest  choice  of  information  availability  options 
in  the  industry 


From  virtualization  to  hot  sites  to  replication  and  vaulting— SunGard  Availability  Services 
does  it  all.  And  it’s  all  we  do.  That  kind  of  focus  helps  ensure  high  availability  of  data, 
applications  and  systems  and  fits  your  needs  and  budget  precisely. 

When  we  partner  with  you,  you  worry  less  about  the  road  ahead.  Here’s  why: 
a  track  record  of  100%  successful  recoveries;  over  60  facilities  with  redundant 
power  connected  to  SunGard’s  secure  global  network;  and  more  than  20,000  end- 
user  positions  in  facilities  across  North  America  and  Europe.  SunGard  Availability  I 
Services— the  information  availability  solution  for  businesses  that  must  run  non-stop. 
Keep  moving,  call  1-800-468-7483  or  visit  www.availability.sungard.com. 


SUNGARD* 

Availability  Services 

Keeping  People 
and  Information 
Connected.® 
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TECH  UPDATE 

An  inside  look  at  technologies  and  standards 

Safeguarding  removable-media  devices 


BY  GIL  SEVER,  FOUNDER  AND  CEO  OF  SAFEND 


USB  flash  drives,  iPods  and  other  portable  storage  devices  are  perva¬ 
sive  in  the  workplace  and  a  real  threat.  They  can  introduce  viruses 
or  malicious  code  to  the  network  and  be  used  to  store  sensitive  cor¬ 
porate  information.  While  IT  has  responded  with  policies  and  audits,  the 
best  way  to  safeguard  data  taken  outside  of  a  managed  environment  is 
encryption. 


If  data  is  encrypted,  it  cannot  be  read  by  an 
unauthorized  user  in  case  of  loss  or  theft.  Most 
removable-media  encryption  products  can  be 
configured  to  restrict  access  to  devices  on  an 
authorized  list  using  the  proper  encryption 
software  and  the  correct  key  To  any  other  com¬ 
puter  the  device  appears  to  be  unformatted 
and  any  data  is  inaccessible. 

The  first  issue  is  to  control  the  flow  of  data 
leaving  the  enterprise.  A  full  audit  of  existing 
data  flows  should  be  conducted  to  ascertain 
who  is  using  removable  media  or  portable 
devices  and  for  what  purpose.  Once  that  is 
ascertained,  IT  can  craft  a  policy  that  defines 
who  is  permitted  to  transfer  data  to  removable 
media  and  under  what  circumstances,  and 
ensure  the  policy  is  properly  implemented. 

With  that  in  place  IT  can  turn  to  the  encryp¬ 
tion  issue,  which  will  involve  evaluating  the 
following: 

•  How  will  the  encryption  solution  for 
removable  media  affect  hard-disk  encryption? 

•  Will  there  be  compatibility  issues  with 
existing  encryption  software? 

•  At  what  level  (file  or  folder)  should  remov¬ 
able  media  devices  be  encrypted? 

•  Does  the  solution  provide  platform-inde¬ 
pendent  encryption? 

•  Can  administrators  override  the  user’s 
password  to  unlock  the  encrypted  device  if 
the  password  is  compromised? 

•  Will  the  encryption  tool  include  capabili¬ 
ties  for  completely  removing  data  from 
devices? 

There  are  full-disk  encryption  solutions  with 
strong  user  authentication  that  provide  remov¬ 
able-media  encryption  capabilities  as  well  as 
solutions  that  combine  this  with  encryption 


Got  great  ideas? 

■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you've 
got  one,  and  want  to  contribute  it  to  a 
future  issue,  contact  Editor  in  Chief 

John  Dix  (jdix@nww.com) 


functionality  for  applications,  such  as  e-mail. 
Whichever  tool  you  deploy  the  product  should 
use  AES  256-bit  encryption,  with  or  without 
encryption  password  protection. 

Ideally,  the  product  should  be  configured  so 
that  the  removable-media  policy  is  applied  to 
all  users.  It  should  automatically  prevent  any 
unauthorized  attempt  to  use  a  storage  device, 
optionally  alert  the  IT  administrator  and  save  a 
full  audit  of  the  attempted  connection.  If  data 
transfer  will  be  permitted,  the  product  should 
be  configured  to  make  an  audit  copy  of  the 
data  transferred. 

Other  capabilities  a  removable-media 
encryption  product  should  include  are: 

•  Authorized  device  access.  The  product 
should  have  the  ability  to  prevent  access  to  all 
devices  except  those  that  have  been  explicitly 
approved  by  the  administrator.  This  mecha¬ 
nism  can  limit  the  size  of  the  device  used  or 
restrict  usage  to  devices  that  have  been 
obtained  from  a  trusted  supplier. 

•  Access  to  personal  devices.  Any  device 
with  storage  capabilities,  such  as  a  camera  or 
iPod,  is  automatically  denied  access  to  corpo¬ 
rate  endpoints. 

•  Authorized  file  copy  This  capability  per¬ 
mits  the  user  to  transfer  data  to  a  device  pro¬ 
vided  he  has  obtained  permission  from  the 
system  administrator.  The  transfer  is  audited 
and  a  copy  of  the  data  can  be  made. 

•  Encryption  keys.  For  the  most  reliable  pro¬ 
tection,  your  solution  should  encrypt  remov¬ 
able  devices  using  an  encryption  key  Typically 
each  user  has  his  own  personal  key,  and  data 
written  to  a  device  cannot  be  accessed  by 
another  user.  If  the  user  needs  to  share  a 
device  you  can  create  a  group  encryption  key 
and  password  to  protect  the  device  so  that  it 
can  then  be  read  on  any  machine  running 
your  encryption  software. 

•  Existing  data  options.  If  an  unencrypted 
device  contains  data,  the  user  can  opt  to  pre¬ 
serve  it  during  device  encryption.  Removable- 
media  encryption  also  can  be  configured  to 
permit  the  user  to  save  data  unencrypted. 

•  Easy  setup  and  implementation.  The 
product  should  offer  a  comprehensive  infra¬ 
structure  that  is  easy  to  set  up  and  can  be 


implemented  using  existing  active  directory 
policies.  The  administrator  or  other  users 
should  not  require  weeks  of  consultancy  or 
training  before  they  can  install  or  operate 
the  software. 

Encryption  software  should  allow  the  system 
administrator  to  set  permissions  for  each  indi¬ 
vidual  or  user  group  using  profiles.  Whenever 
an  employee  plugs  a  device  into  an  enterprise 
computer,  the  network  must  first  authorize  the 
device,  check  its  content  and  digitally  tag  the 
device  before  granting  access.  If  the  remov¬ 
able  device  contains  legitimate  files  and  a 
rogue  executable, the  solution  should  have  the 
option  to  browse  the  media  and  block  access 
to  the  unsafe  files. 

Some  encryption  products  support  a  pro¬ 
file  approach  to  creating  user  permissions 
that  match  those  on  the  domain  controller  in 
a  Windows  operating  system  environment. 
Administrators  can  create  a  guest  account 
that  grants  standard  rights  for  all  guests.  The 
encryption  software  enforces  these  policies 
whenever  a  user  logs  on  to  the  virtual  drive  or 
is  authenticated  to  use  a  removable  media 
device. 

Once  authorized,  any  files  transferred  to  the 
device  should  be  fully  auditable  and  stored 
centrally  in  a  database.  Audit  logs  should 
include  what  data  was  transferred,  date,  time, 
user  name  and  a  copy  of  the  downloaded 
content.  The  audit  logs  can  act  as  a  further 
deterrent  to  employees  from  downloading 
sensitive  information. 

With  the  popularity  of  removable-media 
devices  it  is  essential  you  implement  encryp¬ 
tion  and  auditing  capabilities  to  mitigate  the 
risk  of  intentional  or  accidental  disclosure  of 
sensitive  data.  Enterprises  should  develop  a 
detailed  data-security  policy  prior  to  making  a 
purchasing  decision. 

In  addition,  it  is  wise  to  have  an  indepen¬ 
dent  third-party  security  company  examine 
your  information  security  policies  and 
encryption  protocols.  The  company  should 
provide  an  objective  opinion  as  to  the  feasi¬ 
bility  of  the  plan  and  offer  insight  on  how  to 
develop  the  appropriate  security.  This  sec¬ 
ond  opinion  will  confirm  that  the  chosen 
security  plan  and  policies  are  aligned  with 
the  company’s  needs. 

Sever  is  founder  and  CEO  of  Safend 
(wwu).  safend.  com ). 


This  vendor-written  tech  primer  has  been 
edited  by  Network  World  to  eliminate  prod¬ 
uct  promotion,  but  readers  should  note  it 
will  likely  favor  the  submitter’s  approach. 
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Solutions  Collaboration  Delivery  Support  Billing 
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Nick  Stafford,  IT  Operations  Manager,  Cabela's 

eXjpeh  endeS  the-  A>acJ(  Stofjpt  na^  hete 


With  wildly  popular  destination  stores  and  120  million  catalogs  mailed  yearly,  Cabela’s  -  the  world’s  foremost  outfitter  of 
hunting,  fishing  and  outdoor  gear  -  requires  a  steadfast  network  provider  to  service  its  loyal  customers.  Enter  MASERGY,  with  a 
redefined  approach  to  global  networking.  Through  a  passionate  dedication  to  the  customer  experience,  our  proven  IP  MPLS 
network  offers  flexible  solutions,  responsive  collaboration,  seamless  global  delivery,  proactive  support  and  simplified  billing. 

And  in  the  case  of  IT  big  gun  Nick  Stafford,  our  “buck  stops  here”  attitude  may  be  his  rarest  trophy  of  all. 
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Malwarebytes  finds  pesky  Trojan 
! 


Mark  Gibbs 


n  the  last  Gearhead  column  (www.nwdoc 
finder.com/8235)  of  2008  I  discussed  the 
weird  behavior  of  one  of  my  desktop 
machines. 

This  machine,  running  Windows  XP  Pro- 
GEARHEAD  fessional  SP2,  insisted  on  launching  a  window¬ 
less  instance  of  Internet  Explorer  7  that  in  turn 
was  loading  Flash  content  that  I  could  hear  but 
not  see.  The  obvious  conclusion  was  that  some 
kind  of  malware  was  responsible,  but  what  was  it? 

I  had  tried  a  few  antimalware  products  and  had  attempted  to  pick  the 
system  apart  using  Syslnternals  Process  Explorer  to  find  the  source  of 
the  weirdness,  but  all  to  no  avail. 

I  asked  for  suggestions  and,  wow,  did  y’all  come  through!  One  of  the 
first  suggestions  was  from  reader  Mike  Wolfe,  who  wrote, “There  was  a 
really  nasty  virus  (actually  five)  on  a  friend’s  computer, and  1  was  almost 
down  to  doing  a  complete  re-image  when  I  finally  went  to  Microsoft 
Online  Malware  Scanning,  which  helped  me  clear  the  problems.” 

This  sounded  promising, so  1  went  to  the  Microsoft  site  and  of  course, 
the  service  won’t  work  with  Firefox.  OK,  so  1  ran  up  Explorer  7,  allowed 
it  to  download  the  scanner  control  and  let  it  run  —  for  hours.  I  came 
back  the  next  morning, and  the  PC  had  crashed. So,  1  reran  the  Microsoft 
scanner,  again  for  hours.  And  the  next  morning  the  PC  had  crashed 
again. This  particular  Microsoft  technology  isn’t  ready  for  prime  time. 

The  most-recommended  approach  was  to  use  Malwarebytes’  Anti- 
Malware.  Reader  Joel  Dunn  described  it  as  “a  silver  bullet.” 

With  high  hopes,  I  started  Anti-Malware  about  three  and  half  hours 
ago.  So  far,  it  has  examined  358,320  files  and  found  nothing.  I’ll  leave  it 
running  overnight  and  we’ll  see  if  it  has  found  anything  in  the  morning. 

Ta-da!  It’s  bright  and  early,  and  Anti-Malware  has  finished  its  run. 


The  scan  took  4  hours,  8  minutes,  16  seconds  to  examine  483,040 
objects  (in  memory  processes,  as  well  as  DLLs  and  other  disk  files), 
and  it  found  one  infected  memory  process,  one  infected  registry- 
data  item  and  two  infected  files. 

The  culprit  was  something  identified  as  Trojan. Agent,  but  I  can’t  find  a 
good  description  of  what  this  thing  does.  Malwarebytes  doesn’t  provide 
useful  details,  and  other  companies  disagree  on  what  the  Trojan  does 
and  how  it  works.There’s  no  guarantee  that  these  antimalware  vendors 
are  referring  to  the  same  piece  of  code  because  there  is  no  identifica¬ 
tion  method  or  naming  scheme  that  antimalware  vendors  agree  on. 

According  to  the  Malwarebytes  Anti-Malware  log,  the  “infected”  files 
were  both  in  C:\WINDOWS\system32\.  In  fact  the  files  —  taskmagr.exe, 
which  I  had  already  spotted,  and  wmdmpmsvc.dll  —  were  both  files 
that  had  been  added  to  the  system  rather  than  subverted  and,  as  far  as 
I  can  tell,  appear  to  have  contained  the  actual  Trojan  code. 

I  allowed  Anti-Malware  to  quarantine  the  “infections”  and,  after  a 
reboot,  the  system  is  running  much  faster,  even  though  my  old  problem 
with  unusually  high  processor  utilization  caused  by  deferred  proce¬ 
dure  calls  (DPC)  is  back,  this  time  running  at  around  15%. 

After  all  this  time,  and  with  all  the  suggestions  I’ve  received  and  diag¬ 
nostics  I’ve  run,  the  DPC  issue  is  still  unresolved.  I’m  thinking  that  it  may 
never  be  resolved  and  a  rebuild  of  the  system  is  the  only  choice  left. 

The  bottom  line  is  that  Malwarebytes  Anti-Malware  looks  like  the 
answer.  The  tool  is  free  but  a  “full”  version  with  real-time  protection, 
scheduled  scanning  and  scheduled  updating  is  available  for  $24.95. 1 
give  Anti-Malware  4  out  of  5.  Only  the  lack  of  a  detailed  explanation  of 
what  it  has  found  stops  it  from  getting  5  out  of  5. 

Gibbs  wrestles  with  digital  vermin  in  Ventura,  Calif.  Got  a  better  mouse¬ 
trap?  Tell  gearhead@gibbs.com. 


CES  remains  cool  despite  cooling  economy 

Y 


COOLTGOLS 


rou’d  think  the  sky  had  fallen,  with  all  the 
reports  of  lower  attendance,  shrinking 
hotel  room  rates  and  no  Bill  Gates 
keynote  at  the  Consumer  Electronics  Show 
in  Las  Vegas.  Despite  the  doom  and  gloom, 
there  were  still  tons  of  new  products 
announced  with  enough  fanfare  to  make  the 
hype-masters  happy.  Here  are  a  couple  of 
trends  and  products  that  piqued  my  interest: 

Projectors  get  wicked  small.  At  last  year’s  show  I  got  a  sneak  peek  at 
the  “micro-projector”  or  “pico-projector”  concept,  and  this  year  we’re 
starting  to  see  products  based  on  that  concept.  Nextar  announced  its 
LCOS  micro-projector,  the  Z10,  a  $300  projector  that  uses  liquid  crystal 
on  silicon  technology  to  produce  images  with  a  resolution  of  up  to  640- 
by-480  pixels,  and  a  brightness  level  of  7  to  12  lumens.  The  1.5-pound 
Z10  includes  a  built-in  speaker  and  microSD  card  slot,  and  can  project 
images  as  large  as  20  inches. 

WowWee  Robotics,  which  usually  sticks  to  the  robotic  toy  market,  is  get¬ 
ting  a  bit  more  serious  with  its  ultraportable  projectors.Teaming  up  with 


Texas  Instruments,  the  company  announced  its 
Cinemin  series  of  micro-projectors,  which  uti¬ 
lizes  TI’s  Digital  Light  Processing  technology 
The  series  includes  the  Cinemin  Swivel  (three- 
hour  battery  life,  90-degree  hinge  for  ceiling 
projection),  Cinemin  Stick  (pico  projector  with 
internal  memory  and  expandable  SD  card  slot), 
and  Cinemin  Station  (alarm-clock-size  media 
center  and  iPod  docking  station). 

These  devices  may  be  consumer-oriented  at 
first,  but  it  isn’t  much  of  a  stretch  to  imagine 
mobile  workers  using  these  to  display  presenta- 


WowWee’s  Cinemin 
Stick  micro¬ 
projector 


tions  and  other  videos  to  colleagues  or  sales  contacts  via  their  smart¬ 
phones.  We  often  hear  talk  about  the  “death  of  the  notebook”;  the  avail¬ 
ability  of  smaller  projectors  that  work  with  smartphones  adds  to  the 
possibility  that  mobile  workers  can  forgo  their  laptops. 

Cisco’s  push  into  the  home.  Cisco  already  has  been  “in  the  home”  with 
its  Linksys  division  of  home  wireless  routers, but  the  company  now  would 
like  to  get  into  the  living  room  with  some  new  offerings. The  multiroom 
wireless  audio  system  looks  impressive  (right  up  there  with  the  Sonos 
and  Logitech  offerings),  but  I’m  more  fascinated  by  the  new  Cisco  by 
Linksys  (a  new  branding  name)  Media  Hub,  a  network-attached  storage 
device  that  “gathers,  organizes  and  presents  all  the  digital  video,  photos 
and  music  that  users  have  spread  amongst  various  devices  in  the  home.” 
Starting  at  $300  (for  the  500GB  version),  the  Media  Hub  aims  to  search 
the  user’s  home  network  automatically  for  other  media  devices  (includ¬ 
ing  PCs  and  notebook)  and  present  all  the  available  digital  media  to  the 
user  in  a  single,  browser-based  location.  Because  users  probably  are 
duplicating  their  media  files  for  backup  purposes,  multiple  versions  of 
the  same  file  often  are  displayed  when  it  comes  time  to  play  the  song  or 
view  the  photo.  Media  Hub  seems  to  alleviate  that  problem,  understand¬ 
ing  that“l  just  want  to  listen  to  Funkytown.I 
don’t  care  where  the  file  is  located.”With 
remote  access  and  its  own  automatic 
backup  features,  Media  Hub  may  be 
even  more  impressive  as  a  way  to  show 
off  photos  instead  of  having  to  rely  on 
online  services. 

More  CES  and  MacWorld  coverage,  includ¬ 
ing  videos,  blog  entries, Twitter  feeds  and  articles, 
is  online  at  www.networkworld.com. 

Shaw  can  be  reached  at  kshaw@nww.com. 
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innovation  in  user  support. 
Irace360  from  DNSstuff.com. 
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Gitrix,  Novell  make  a  valid  run  at 
VMware  ESX  virtualization  crown 

Test  shows  Xen-based  hypervisors  are  speedy  and  quite  manageable 


BY  TOM  HENDERSON  AND  BRENDAN  ALLEN,  NETWORK  WORLD 
LAB  ALLIANCE 

Mware  and  Microsoft  should  be  taking  the  competition  in  the 
server  virtualization  market  very  seriously  because  open  source 
Xen-based  products  definitely  have  matured  into  viable  enter¬ 
prise-class  hypervisor  options. 

That’s  what  we  found  in  our  unique,  two-tiered  test,  in  which  we  pitted 
three  Xen-based  virtualization  platforms  —  Citrix  Systems’  Novell’s  and 
Virtual  Iron  Software’s  —  against  each  other  and  against  the  results  of 
our  previously  published  test  of  VMware’s  ESX  and  Microsoft’s  Hyper-V 
(see  www.nwdocfinder.com/8232). 

The  winner  in  our  all-Xen  round  of  testing  was  Citrix’s  XenServer, 
which  combined  solid  performance  and  a  strong  overall  package  for 
those  who  want  to  virtualize  Windows  and  Linux  systems. 

XenServer  offered  up  the  highest  speeds  in  our  business-transaction 
tests, even  though  it  did  not  have  a  great  showing  in  our  I/O  performance 


testing  (for  the  complete  results  of  our  Xen-based  hypervisor  perfor¬ 
mance  test,  go  to  www.nwdocfinder.com/8233).  XenServer’s  manage¬ 
ment  components  were  flexible  and  easy  to  use,  despite  being  a  bit 
buggy  And  its  long  list  of  supported  guest  operating  systems  adds  to  its 
overall  enterprise  appeal 

Neither  Novell’s  SUSE  Xen  or  Virtual  Iron  should  be  ignored,  however. 
We  found  both  have  plausible  audiences.  Novell’s  Xen  ships  as  part  and 
parcel  of  the  company’s  SUSE  Linux  Enterprise  Server  (SLES)  10.2  pack¬ 
age  and  Novell’s  overall  support  system  is  highly  evolved  and  very 
responsive. 

Virtual  Iron’s  unique  approach  —  comprising  a  convenient,  server- 
farm-like  approach  to  virtual  machine  (VM)  guest  management  —  pro¬ 
vides  an  out-of-network  administrative  link  that’s  potentially  more  secure 
than  other  implementations’ 

In  looking  at  the  overall  hypervisor  landscape,  VMware’s  ESX  and 

See  Virtualization,  page  30 
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Product 

XenServer  5.0 

SLES  10.2  Xen  3.2 

Virtual  Iron  4.4  Enterprise  Edition 

Vendor 

Citrix  Systems 
www.citrix.com 

Novell 

www.novell.com 

Virtual  Iron 
www.virtualiron.com 

Price 

$2,000 

Included  in  operating  system  price 

$3,196  as  tested 

Pros 

Fastest  overall  in  our  business 
transaction  set;  convenient  config¬ 
uration  templates. 

Good  hardware  compatibility;  virtu¬ 
alization  basics  are  included  in  the 
SLES  box;  strong  I/O  performance. 

Comparatively  mature  platform;  good 
management  and  policy  controls. 

Cons 

Management  tools  contained  frus¬ 
trating  bugs  and  annoying  quirks; 
weak  I/O  performance. 

Slower  performer  for  Windows  VM 
hosting;  requires  strong  Linux 
skills  as  tested;  built-in  manage¬ 
ment  is  very  basic. 

Uses  nonmainstream  server-manage¬ 
ment  backplane;  older  console  platform 
lacks  multitasking  capability  and 

Network  File  System  compatibility. 

Score 

3.88 

3.0 

3.63 

SCORECARD 

Action 

Setup,  compatibility 
and  migration  (25%) 

Administration  and 
management  (25%) 

Performance  (25%) 

Security,  monitoring  and 
event  management  (25%) 

Total  score 


VMware  ESX 

4.5 

4.0 

4.5 

4.0 

4.25 


Citrix 

XenServer  5.0 
3.5 

3.5 

4.5 
4.0 

3.88 


Virtual  Iron  4.4 
Enterprise  Edition 

3.5 

3.5 

3.5 

4.0 

3.63 


Microsoft 

Hyper-V** 

3.0 

3.5 

3.5 

3.0 

3.25 


Novell  SLES 
10.2  Xen  3.2 

3.0* 


3.0* 

3.0 

3.0* 

3.0 


Scoring  key:  5:  Exceptional;  4:  Very  good;  3:  Average;  2:  Below  average;  1:  Subpar  or  not  available. 

EDITOR'S  NOTE;  VMware  ESX  and  Microsoft  Hyper-V  scores  derive  from  the  first  round  of  testing. 

*  Comparable  management  console  wasn’t  reviewed  because  Novell  didn't  provide  one. 

**  Hyper-V  tested  with  beta  of  Microsoft  Systems  Center-Virtual  Machine  Manager,  which  was  in  beta  at  the  time  of  testing.  We  are  currently  retesting  the  upgraded  code. 
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With  energy  consumption  expected  to  double  in  five  years,  how  do  you  build 
and  manage  your  IT  to  reduce  costs?  Greener  software:  a  complete  range 
of  energy-efficient  software  to  optimize  your  infrastructure,  boost  business 
process  efficiency  and  implement  truly  responsible  collaboration.  A  greener 
world  starts  with  greener  business.  Greener  business  starts  with  IBM. 
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SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

Get  our  green  strategy  whitepaper  at  ibm.com/green/software 
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Virtualization 


VirtualCenter  combination  still  is  the  package  to  beat  because  of  its 
wide  compatibility  list,  decent  performance  and  rich  management 
components  (see  combined  scorecard,  page  28). 

Some  background 

The  open  source  Xen  hypervisor  originally  supported  only  Linux 
machines. Today  Xen  can  represent  host  hardware  to  almost  any  guest 
that  has  drivers  to  support  the  underlying  hardware. 

SUSE  first  bundled  Xen  in  SLES  9.1,  before  Novell  acquired  SUSE  in 
2004.Citrix  picked  up  its  Xen  capabilities  when  it  acquired  XenSource 
in  2007.  (Listen  to  a  podcast  with  Citrix  virtualization  CTO  Simon 
Crosby  at  www.nwdocfinder.com/8221.)  Novell  and  Citrix  still  con¬ 
tribute  to  the  Xen  project  and  base  their  products  on  Xen  3.2  code. 

The  master/slave  relationship  Virtual  Iron  establishes  between  its 
hypervisor  and  its  guests  is  a  different  metaphor  for  VM  hosting.  It  uses 
one  or  more  controller  servers  to  manage  other  servers  running  hyper¬ 
visors  over  a  private  network. 

To  assess  how  these  three  packages  measure  up  against  the  non-Xen 
hypervisors,  we  asked  vendors  to  submit  a  base  hypervisor  package 
and  either  built-in  or  add-on  management  software  roughly  equal  to  the 
offerings  we  tested  from  VMware  and  Microsoft.  Citrix  and  Virtual  Iron 
complied  with  the  request  in  full,  but  Novell  would  not  submit  its 
Orchestrator  management  application  —  which  has  a  plug-in  module 
called  ZenWorks  Virtual  Machine  Management  —  for  review.  With 
Novell’s  insistence,  we  tested  SLES  10.2  with  its  virtualization  building 
blocks  but  without  the  add-on  management  application. 

The  packages  tested  in  this  round  were  Novell  SUSE  Xen  3.2 
(included  with  SLES  10.2),  Citrix  XenServer  5.0  and  Virtual  Iron  4.4 
Extended  Enterprise  Edition. 

The  characteristics  weighted  heavily  in  this  qualitative  assessment 
were  hardware  and  guest  operating-system  compatibility  and  the  man¬ 
agement  tools  provided  to  build  new  VMs,  migrate  existing  VMs,  con¬ 
solidate  older  server  instances  onto  new  virtual  ones  and  control  all 
VMs  for  day-to-day  operation  (see  “How  we  did  it,”  at  www.nwdocfind 


er.com/8234). 

Citrix  XenServer  5.0 

XenServer’s  hardware  support  was  second  only  to  that  in  Novell’s  Xen 
implementation,  which  has  a  slight  advantage  because  it  runs  on  any 
hardware  supported  by  the  Novell  SLES  10  Linux  distribution. 

XenServer’s  support  for  guest  operating  systems  —  the  strongest  such 
support  among  the  Xen  packages  —  includes  Windows  Server  2000, 
2003  and  2008  (32-  or  64-bit),  Windows  Vista  (32-bit),  Windows  XP  SP2 
or  SP3;  CentOS  (versions  4.5  to  5.2);  Red  Hat  Enterprise  Linux  (RHEL) 
(versions  3.6  to  5.2);  SLES  versions  9  and  10  (with  various  service 
packs);  and  Debian’s  sarge  and  etch  releases. 

XenServer  installs  Citrix’s  modified  version  of  Linux  with  the  Xen  ker¬ 
nel,  which  requires  a  64-bit  processor.  XenServer  has  a  simple,  text- 
based  installation  routine,  the  console  for  which  is  useful  for  most  post¬ 
installation  tasks.  We  tested  both  the  text-based  and  console-based 
XenServer  management  schemes,  and  highly  recommend  using  the 
bundled  (it’s  included  in  the  base  price,  a  big  plus)  XenCenter  hypervi¬ 
sor-management  application  on  a  connected  Windows  client  machine. 
XenCenter’s  templates  ease  the  construction  of  new  VMs  tremendously 
Citrix  also  lets  the  builder  modify  a  blank  template  to  support  the 
installation  of  “generic”  guest  operating-system  configurations. 

We  were  frustrated  by  the  fact  that  the  templates  didn’t  let  us  change 
the  minimum  storage  values  recommended  by  Citrix.  For  example, 
Citrix’s  edict  is  that  Windows  2008  requires  24GB  of  storage;  the  only 
way  to  get  around  this  was  to  delete  the  default/unchangeable  virtual 
hard  disk  after  we  created  it,  then  add  another  virtual  hard  disk  with  the 
custom  storage  size  we  desired. 

XenCenter  handled  our  ongoing  management  and  monitoring  jobs 
quite  easily  overall,  but  there  were  some  minor  caveats  to  our  satisfaction. 

Overall,  the  XenCenter  interface  was  good  (see  screenshot, this  page), 
but  it  still  lags  a  bit  behind  VMware’s:  Day-to-day  process  flows  were 
more  easily  accomplished  with  VirtualCenter. 

Setting  up  XenServer’s  VM  monitoring  facilities  was  very  simple, 
because  there  is  a  list  of  monitored  attributes  (very  similar  to  the  set 
offered  by  VMware)  including  CPU,  network  usage,  disk  space  usage, 
memory  usage,  number  of  CPUs  per  VM,  hard-disk  size  and  IP-address 

traffic  volume.  You  merely  have  to 
check  off  what  you  want  monitored. 

XenCenter’s  alarms  are  called 
“alerts.”  We  could  set  thresholds  for 
anything  we  could  monitor.  If  a  VM 
reached  above  a  certain  percentage 
—  for  memory  use,  for  example  —  for 
a  set  number  of  minutes,  XenCenter 
would  correctly  trigger  the  alert.  We 
also  could  monitor  alerts  manually 
via  the  GUI,  under  the  Logs  tab  of 
each  server  where  they’re  identified 
by  the  color  red.  The  logs  also  ren¬ 
dered  a  detailed  listing  of  recent 
events  from  VMs  on  that  server. 

It’s  possible  to  have  alerts  based 
on  preset  trigger  conditions  e- 
mailed  to  you  (although  we  could¬ 
n’t  get  that  working  correctly  with 
our  mail  server).  Mail  options  are 
frustratingly  limited. 

We  did  find  some  minor  issues 
when  we  were  moving  stored  VM 
images  created  under  XenServer.  For 
example,  when  we  wanted  to  move  a 
stored  VM  image  file  from  local  stor¬ 
age  to  shared  storage  on  the  same 
host  machine,  we  had  to  copy  the 
VM,  then  select  the  option  to  delete 
See  Virtualization,  page  32 
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Citrix’s  XenCenter  hypervisor  management  console  —  which  presents  a  view  of  VMs 
aggregated  into  resource  pools  that  allows  for  easy  manipulation  —  approaches  VM¬ 
ware’s  VirtualCenter  in  how  easily  it  lets  an  administrator  control  guest  VMs  running 
atop  XenServer. 


30  •  JANUARY  12,  2009  •  www.networkworld.com 


The  inefficiency,  complexity  and  rising  energy  costs  of  twentieth-century 
datacenters  simply  can’t  support  the  demands  of  twenty-first-century 
business.  IBM’s  New  Enterprise  Data  Center  is  a  vision  for  IT  that’s  highly 
efficient,  business  driven  and  greener-by-design.  IBM  is  already  working 
with  over  2,000  clients  to  help  make  this  vision  a  reality.  A  greener  world 
starts  with  greener  business.  Greener  business  starts  with  IBM. 


■ 


......  H 


pMMii 


8HHII 


IBM,  the  IBM  logo  and  ibm.com  are  trademarks  of  International  Business  MacfTrnes^Cbrpb'ration.  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is 
available  on  the  Web  at  “Copyright  and  trademark  information"  at  www.ibm.com/legal/copytrade.shtml.  ©  2008  IBM  Corporation  All  rights  reserved. 


SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

See  our  Webcast  about  greener  datacenters  at  ibm.com/green/datacenter 


LEANER. 

MEANER. 

GREENER. 


OlEAR  CHOICE  TEST  VIRTUAL  MACHINE  MANAGEMENT 


Virtualization 

continued  from  page  30 

the  original  VM. This  process  had  the  undesired  effect  of  changing  the 
VM’s  Ethernet  media  access  control  (MAC)  address  on  its  network  card, 
and  you  then  had  to  change  it  back  manually. This  is  not  a  huge  issue, 
but  it’s  a  step  that  XenCenter  should  have  taken  care  of  for  us. 

Also,  we  couldn’t  copy  aVM  from  the  local  storage  on  one  machine 
directly  to  local  storage  on  another  machine.  We  had  to  put  the  VM  into 
shared  storage,  then  copy  it  again,  an  inconvenient  two-step  process. 

We  could  copy  or  move  only  one  VM  at  a  time,  but  multiple  VM-move- 
ment  jobs  could  be  queued  and  duly  handled  in  turn. 

Citrix’s  bundled  XenServer  has  no  built-in  security  support  beyond 
simple  password  access.  Because  it’s  not  hardened  as  a  matter  of  poli¬ 
cy,  the  password  is  vulnerable  to  dictionary  attack.  In  addition,  there  is 
only  one  user  —  a  root  user, so  that  user  can  do  anything,  including  dis¬ 
rupting  or  destroying  working  VMs. 

Migration  and  consolidation  patterns 

XenServer  uses  resource  pools  to  allow  VMs  to  be  migrated  rapidly 
between  hosts.  These  resource  pools  aggregate  VM  machines  and 
resources  into  objects  that  can  be  manipulated  as  grouped-together 
members  of  the  same  unit. 

We  found  strong  vendor  stipulations  on  how  these  work.  According  to 
XenServer’s  documentation,  cross-hypervisor  server  migration  is  possi¬ 
ble  when  “each  CPU  is  from  the  same  vendor  (in  particular,  AMD-V  and 
Intel  VT  CPUs  cannot  be  mixed),  each  CPU  is  the  same  model  (except 
for  stepping), each  CPU  has  the  same  feature  flags, and  all  hosts  are  run¬ 
ning  the  same  version  of  XenServer  software.”  These  constraints  make 
migrating  VMs  more  difficult  in  an  environment  that  lacks  identical 
hardware  and  certainly  more  onerous  than  any  other  restrictions  put  in 
place  by  other  hypervisor  vendors. 

Citrix  also  offers  XenServer  Live  Migration,  which  is  the  ability  to  move 
a  VM  from  one  host  to  another  without  the  VMs’  losing  (much)  avail- 
ability.As  long  as  we  stuck  with  VMs  in  the  same  resource  pool, this  fea¬ 
ture  worked  well.  Migration  was  fair¬ 
ly  quick,  removing  active  VM  avail¬ 
ability  for  only  a  few  seconds  at 
most. 

VM  snapshots,  while  missing  from 
the  GUI,  are  available  via  the  com¬ 
mand  line.  Snapshots  in  XenServer 
don’t  seem  to  work  in  the  same  way 
that  other  hypervisors’VM  snapshots 
do.  XenServer’s  snapshot  process 
just  creates  a  template  for  the  VM. 

With  other  vendors’  snapshots,  we 
created  a  kind  of  hierarchy  of  itera¬ 
tive  snapshot  files  and  reverted  to 
any  point  in  the  hierarchy  to  capture 
the  desired  time-stamped  snapshot. 

Consolidation  requires  P2V  tools 

A  physical-to-virtual  (P2V)  maneu¬ 
ver  takes  a  working  server’s  operating 
system,  applications  and  stored  data, 
and  converts  it  to  a  VM  without  any¬ 
thing  having  to  be  reinstalled  from 
scratch  on  the  virtualized  host  sys¬ 
tem.  P2V  is  a  useful  and  necessary 
process  for  corporations  looking  to 
virtualize  existing  data  center  servers 
—  whether  they  are  Windows  or 
Linux  ones.  Without  P2V  tools,  build¬ 
ing  a  VM  entails  installing  the  server 
operating  system,  then  installing 
applications,  then  migrating  the 


existing  data  to  the  new  host. 

Citrix  offers  separate  P2V  utilities  for  Linux  and  Windows  servers. 
XenServer’s  Linux  P2V  application  is  included  on  the  XenServer  instal¬ 
lation  CD. You  must  boot  from  the  machine  using  this  CD  if  you  want  to 
convert  a  physical  Linux  machine  to  aVM. 

We  had  issues  with  this  tool  during  testing.  Our  server  was  running 
SLES  10.2,  but  the  Citrix  utility  couldn’t  detect  the  operating  system  on 
that  server.  We  were  able  to  “start”  a  P2V  of  an  SLES  9  32-bit  installation, 
(although  it  mistakenly  identified  it  as  Red  Hat  3),  but  it  failed  with  a 
generic  failure  “error  500.”  We  tried  again  with  an  AMD64  machine  with 
Ubuntu  running  on  it,  but  the  application  still  showed  no  supported 
operating  systems  and  wouldn’t  let  us  proceed  with  making  a  P2V  of 
the  Ubuntu  image. 

The  second  Citrix  P2V  utility  is  called  XenConvert  on  Windows,  which 
takes  a  Windows  operating  system  and  its  applications,  then  turns  the 
combination  into  a  VHD  or  XVA  file  to  import  to  XenServer  to  run  as  a 
VM.That  said,  the  process  failed  with  one  Windows  XP  machine  in  the 
test  bed.  XenConvert  consistently  gave  us  an  error  message  each  time 
we  attempted  the  process.  A  second  Windows  XP  test  machine  could 
be  converted,  but  the  boot  loader  (grub)  was  mangled  and  the  new  XP 
guest  instance  wouldn’t  load.  We  had  to  fix  the  grub  configuration  to 
make  it  work. 

Citrix’s  P2V  tools  may  work  for  versions  of  Windows  and  Linux  we  did 
not  test,  but  we  were  certainly  dismayed  at  the  lack  of  success  in  testing. 

Novell  SLES  10.2  with  Xen  3.2 

Novell’s  SLES  10.2  including  Xen  3.2  is  part  of  its  Linux  product  line 
and  typically  is  managed  by  the  company’s  Zen  Works  products  and  ser¬ 
vices.  However,  Novell  refused  to  supply  its  Orchestrator  management 
platform  with  a  ZenWorks  virtualization  management  module  for  this 
review,  stating  that  Orchestrator  is  customized  for  each  data  center 
deployment  via  Novell  Consulting  Services  and,  therefore  is  not  an 
appropriate  product  to  be  included  in  lab-based  reviews.Therefore.our 
assessment  of  Novell’s  offering  rides  solely  on  the  SLES  10.2  Xen  imple¬ 
mentation  and  the  tools  bundled  with  it. 
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Novell’s  SLES  10.2  Xen  implementation  in  our  test  was  managed  by  a  combination  of  shell 
scripts  and  an  open  source  GUI  tool  called  Virt-Manager  (the  open  source  Virtual 
Machine  Manager,  not  to  be  confused  with  Microsoft's  tool  of  the  same  name)  in  lieu  of 
having  Novell’s  Orchestrator,  which  the  company  opted  not  to  submit  for  testing.  Unix 
lovers  will  feel  at  home  with  these  tools. 
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Virtual  Iron’s  Vl-Center  management  console  takes  a  Microsoft  Management 
Console-like  approach  to  resource  administration  tasks,  but  Vl-Center  dictates  that 
administrators  must  usually  perform  these  tasks  slowly  and  sequentially. 
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In  terms  of  compatibility,  Novell’s  Xen 
supports  everything  that  the  x64  version 
of  SLES  10.2  does.  This  list  of  supported 
server  hardware  foundations  (see 
www.nwdocfinder.com/8222)  is  the  best 
of  the  three  Xen  competitors.  The  list  of 
the  guest  operating  systems  it  supports, 
however,  is  narrower  than  both  Virtual 
Iron’s  and  Citrix  XenServer’s.  The  Novell 
list  includes  paravirtualized  SLES  10, 

NetWare  6.5,  Microsoft  Windows  Server 
2008,  fully  virtualized  Windows  2000, 

2003,XRfully  virtualized  SLES  9, and  RHEL 
versions  4  and  5.  Missing  from  this  list  are 
Windows  Vista  and  CentOS  versions. 

The  initial  installation  of  Novell’s  SLES 
Xen  is  exactly  the  same  as  the  installation 
of  SLES  10.2  (www.nwdocfinder.com 
/8221),with  the  sole  variation  being  the 
installation  of  precompiled  Xen  kernel. 

We  implemented  the  64-bit  Xen  kernel, 
but  there  also  is  a  32-bit  kernel  available 
from  Novell. 

Two  GUI  applications  are  available 
with  Novell’s  Xen  bundle,  which  we  used 
to  facilitate  installation.The  vm-install  tool  provides  a  templated  VM  cre¬ 
ation  method  that’s  somewhat  similar  to  Citrix’s  XenServer  templates. 
We  used  setup  utilities  familiar  to  us  from  our  long  history  with  SLES 
versions  for  networking  and  shared  storage.  VMs  we  created  could  be 
paravirtualized  (usually  Linux  guests  only)  or  fully  virtualized  Windows 
guests. 

Novell’s  SLES  Xen  package  includes  a  rudimentary  virtualization 
application  called  Virt-Manager  (short  for  Virtual  Machine  Manager,  not 
to  be  confused  with  the  Microsoft  tool  of  the  same  name)  —  a  com¬ 
mon,  lightweight  GUI  application  included  in  Xen-based  virtualization 
products.Virt-manager  has  an  option  called  Create  Virtual  Machines, 
which  we  invoked  before  installing  Windows  and  SLES  as  guest 
machines.Then  we  set  up  each  VM’s  allocation  of  RAM,  CPUs, hard  disk 
and  networking,  and  selected  whether  we  wanted  the  guest  to  be  par¬ 
avirtualized  or  fully  virtualized.  If  a  VM  will  be  connected  to  shared 
storage,  that  storage  needs  to  be  set  up  as  a  directory  beforehand. This 
includes  iSCSI  or  Network  File  System  (NFS)  shares  used  forVM  storage 
managed  from  the  SLES  installation;  they’re  more  difficult  to  allocate 
post-installation. 

We  performed  simple  day-to-day  management  tasks  primarily  via  a 
single  command-line-interface  command  called  “xm”  and  a  series  of 
shells  built  around  it  that  let  us  complete  ongoing  VM  management.Xm 
lets  you  destroy,  pause,  reboot,  shut  down  and  save  a  VMs  guest  state. 

Novell  supplies  a  script  called  “xmclone.sh”  that  creates  a  copy  of  a 
VM.We  found  it  straightforward  and  simple  to  use.  The  only  problem 
with  this  process  is  that  it  can  copy  instances  only  to  the  same  server — 
not  to  another  virtual  host.To  move  the  image  to  another  machine,  we 
had  to  move  the  VM  snapshots  we  took  to  shared  storage  manually 

Xm  also  does  basic  monitoring, and  shows  uptime, real-time  state, con¬ 
figuration  and  CPU  information.Through  xm.you  can  change  memory- 
use  boundaries  and  the  number  of  virtual  CPUs  available  within 
domains. 

From  the  xm  command  line,  you  also  can  read  logs  and  do  trou¬ 
bleshooting.  For  example,  we  could  view  the  message  buffer  logs  using 
the  xm-dmesg  command  to  peek  at  the  logs  during  various  phases  of 
testing. 

Reconfiguring  network  connections  for  VMs  with  Novell’s  tools  was 
tedious.  Because  it  uses  a  virtual  network  adapter,  making  changes  to 
network  settings  required  that  we  boot  a  non-Xen  kernel,  then  reboot 


back  into  Xen. 

Novell  SLES  Xen  had  no  alarms,  events  or  Xen-specific  reports  —  just 
those  that  can  be  found  in  SLES  10.2, which  aren’t  useful  forVM  moni¬ 
toring  or  alarm  management. 

SLES  10.2  Xen  had  one  unique  management  feature  among  competi¬ 
tors  in  that  it  let  us  change  the  number  of  CPUs  allocated  to  a  VM  while 
the  VM  is  running  (if  it  is  paravirtualized).  We  found  this  ability  to  real¬ 
locate  CPU  muscle  to  an  application  to  be  useful. 

Novell’s  SLES  10.2  Xen  uses  native  security  and  password-access  poli¬ 
cies,  which  are  chosen  as  the  default  security  for  the  overall  operating 
system.  Directory-access  user  security  is  enforced  via  SUSE’s  native  sup¬ 
ported  APIs  (LDAP  Kerberos).  SUSE  Xen  supports  access  via  Secure 
Shell  or  a  certificate.  As  with  Virtual  Iron,  there  are  no  restrictions  placed 
on  users  in  SLES  10.2  Xen  to  let  them  start  or  stop  VMs. 

Consolidation  and  migration 

Novell’s  SLES  Xen  does  not  have  a  P2V  tool  in  its  bundle.  PlateSpin 
is  a  Novell  company  however,  so  that’s  a  P2V  option  at  a  price,  and 
Novell  did  not  include  it  in  the  tested  bundle.  Virtual  Iron  OEMs  the 
technology,  however,  and  we  tested  it  as  part  of  that  package. 

The  general  SLES  10.2  Xen  migration  processes  worked  in  our  testing 
only  for  active  paravirtualized  guests.  It  doesn’t  work  if  the  VM  is  fully  vir¬ 
tualized  or  turned  off,  capabilities  that  competing  Xen  implementations 
can  carry  out.  Another  snag  in  Novell’s  migration  pattern  is  that  a  VM 
migration  via  iSCSI  was  only  temporary;  it  did  not  stick  to  the  new 
machine  if  we  rebooted  or  shut  it  down. 

Snapshots  (called  checkpoints  here)  are  also  available  with  the 
Novell  implementation  via  a  command-line  string:  -  xm  save  -c 
<domain>  checkpoint  file>.  If  we  used  the  -c  option,  the  server  contin¬ 
ued  running  (temporarily  pausing,  however).  If  we  performed  a  save, 
theVM  was  halted.  We  could  then  resume  from  the  previously  set  check¬ 
point  using  the  xm  restore  <checkpointfile>  command. 

Novell’s  SLES  10.2  Xen  has  great  promise  for  a  number  of  applications 
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that  require  virtualization,  and  its  value  as  a  member  of  the  normal  SLES 
10.2  “box”  gives  it  high  value,  absent  Novell’s  Orchestrator.  Linux-sawy 
administrators  can  certainly  make  Novell’s  Xen  work  for  them. 

Virtual  Iron  4.4  Enterprise  Edition 

Philosophically  speaking, Virtual  Iron  is  different  from  the  other  hyper¬ 
visors  tested  because  it  sets  up  a  hypervisor  server  farm  that  is  managed 
through  a  direct-control  application  over  a  private  link. The  Virtual  Iron 
4.4  Enterprise  Edition  we  tested  requires  a  separate  physical  machine 
used  as  a  management  server.  In  turn,  this  server  controls  what  Virtual 
Iron  calls  nodes  —  64-bit  hypervisor  VM-hosting  servers.  The  VMs  run¬ 
ning  on  top  of  these  nodes  are  still  referred  to  as  guests. 

Virtual  Iron  uses  a  master/slave  configuration  where  servers  use 
Preboot  execution  Environment  (PxE)  boot  mechanisms  to  start  their 
initial  program  loading,  and  then  they  become  substrates  for  virtualiza¬ 
tion. This  means  that  Virtual  Iron  slave  servers  have  two  networks,  a  pub¬ 
lic  one  that  faces  the  world  and  a  private  network  used  for  communica¬ 
tion  with  the  master  (a  machine  where  Virtual  Iron’s  management  appli¬ 
cation,  the  Vi-Center  console,  is  running). 

Virtual  Iron  platform  support  has  two  considerations,  one  for  the 
Virtual  Iron  Vi-Center  and  the  other  for  managed  nodes. 

The  Vl-Center  must  be  installed  on  a  machine  with  RHEL  4  (32-  or  64- 
bit),  Windows  2003  (32-bit),  or  SLES  9  (32-  or  64-bit)  —  all  of  which  are 
older  versions  of  these  operating  systems.To  useVI-Center,we  also  need¬ 
ed  to  have  Java  1.5.0  installed  on  this  machine. 

As  for  the  managed  nodes,  you  need  at  least  2GB  of  RAM,  an  Intel-VT 
or  AMD-V  processor,  either  SATA  or  SCSI  drives,  and  at  least  two  Ethernet 
ports.  A  full  listing  of  the  hardware  supported  can  be  found  on  Virtual 
Iron’s  Website  (www.nwdocfinder.com/8225). 

The  guest  operating  systems  supported  include  RHEL  3  and  RHEL  4 
and  5  (32-  and  64-bit);  SLES  9  and  10  (32-  and  64-bit);  CentOS  4  and  5 
(32-  and  64-bit);  Windows  Server  2000;  Windows  XP;  and  Windows  Server 
2003,  2008  and  Vista  (32-  and  64-bit).  All  must  run  fully  virtualized 
because  the  Virtual  Iron  hypervisor  does  not  support  paravirtualization.. 

Like  Citrix’s  XenServer, Virtual  Iron’s  Java-based  management  tools  are 
included  with  the  license.  Although  we  didn’t  run  into  as  many  configu¬ 
ration  errors  as  we  did  in  our  testing  of  XenServer,  we  did  have  our  share 
of  difficulties  using  Virtual  Iron’s  Java-based  GUI. 

To  get  the  Virtual  Iron  installation  off  the  ground,  we  had  to  create  a 
data  center  —  basically  an  object  in  which  the  nodes  are  virtually  held 
and  from  which  they  are  managed.  In  turn,  the  nodes  use  PxE  methods 
to  boot,  find  the  Java-based  management  server  and  take  directions 
from  it.  You  also  use  Vi-Center  to  build  and  provision  new  VMs  that  will 
reside  on  each  node. 

We  attempted  to  set  up  shared  storage  between  nodes,  but  were 
unable  to  use  NFS  because  it’s  not  supported.  So,  we  moved  on  to  iSCSI 
connections.To  set  up  iSCSI,  we  had  to  create  a  new  network  within  the 
GUI  and  check  the  iSCSI  box  —  which  then  takes  up  another  server 
Ethernet  port.  Luckily  we  could  still  use  that  same  network  link  for  con¬ 
necting  to  the  Internet  or  the  LAN  for  our  VMs,  although  the  company 
doesn’t  support  this  because  it’s  likely  to  clog  the  port  with  a  combina¬ 
tion  of  network  or  SCSI-targeted  data  communication.  Using  Virtual 
Iron’s  recommended  construction,  we  occasionally  lost  iSCSI  links. 

We  also  tested  an  interesting  and  unique  Wake-on-LAN  feature  to  man¬ 
age  Virtual  Iron  nodes  remotely  It  worked  quite  well  and  is  useful  for 
remote  management  tasks. 

Operating  and  monitoring  M  guests 

Once  we  had  Virtual  Iron  4.4  and  Vi-Center  in  place,  we  were  able  to 
move,  copy  and  migrate  VMs  in  sequential  operations.  Each  new  cloning 
job  had  to  wait  until  the  previous  one  finished:VI-Center  locks  out  other 
processes  from  executing  while  one  is  processing. We  saw  this  take  place 
when  we  were  creating  storage  components  and  ISO  images  and  start¬ 
ing  VMs.VI-Center  messages  said, “This  may  not  be  combined  with  other 


job  operations.” 

Cloning  VMs  didn’t  take  very  long,  depending  on  the  size  of  the  VM.We 
couldn’t  choose  a  name  for  a  cloned  server  at  the  time  of  cloning,  how¬ 
ever  (it  will  just  default  to  “Copy  ofVM  ...”),  which  seems  odd.  We  had  to 
rename  images  manually  afterwards. 

Virtual  Iron  4.4  supports  a  Live  Migration  feature  as  well.  Once  we  set 
up  our  disk  channels  (iSCSI  and  Fibre  Channel, an  untested  option),  we 
could  drag  and  drop  VMs  between  the  nodes  to  do  aVM  Live  Migration 
from  one  Virtual  Iron  host  to  another.The  GUI  doesn’t  make  it  obvious  or 
easy  but  it  works. 

Snapshots  included  in  the  Virtual  Iron  package  worked  well  in  testing 
generally  We  found  a  bug  in  the  process,  however,  in  that  storing  a  snap¬ 
shot,  then  reloading  a  VM  from  a  stored  snapshot  changes  the  MAC 
address  of  the  snapshot  VM’s  Ethernet  adapter.This  sets  off  a  cascade  that 
affects  SUSE  Linux  guests,  which  key  on  MAC  addresses,  forcing  a  recon¬ 
figuration  of  a  SLES  10.2  guest’s  network  information.We  reported  this  to 
Virtual  Iron  and  were  informed  it  was  a  known  bug. 

For  ongoing  VM  management,  we  could  use  the  Vi-Center  GUI  to  view 
dashboard-like  information  regarding  the  amount  of  VM  RAM  being 
used,  the  CPU  utilization,  and  the  number  of  VMs  started  or  stopped  (see 
screenshot, page  34). This  is  similar  to  the  level  of  monitoring  offered  by 
the  other  hypervisors. 

Policies,  which  act  like  the  other  hypervisors’  alarms  but  also  offer  cor¬ 
rective  actions  in  some  cases,  are  included  in  the  Virtual  Iron  offering. 
There  are  a  limited  number  of  built-in  policies  of  three  basic  types:  user 
policies,  reports  and  system  policies. We  could  edit  and  customize  these, 
but  there  doesn’t  seem  to  be  a  way  to  create  a  new  policy 

Among  the  user  policies  are  EmailNotifier,  which  sends  you  an  e-mail 
when  an  event  happens;  and  SystemBackup,  which  backs  up  the  data¬ 
base.  This  backup  policy  came  in  handy  a  couple  of  times  when  the 
database  became  corrupted  and  we  had  to  restore  from  a  backup. The 
system  policies  include  AutoRecovery  (a  feature  that  moves  VMs  to 
another  node  if  their  primary  node  goes  down)  and  LiveCapacity 
(which  moves  VMs  depending  on  resource  usage).  With  reports,  you  get 
detailed  information  about  events,  jobs,  nodes,  or  virtual  disks  or  servers. 
You  can  customize  these  reports  and  save  a  copy 

Virtual  Iron  let  us  use  Lightweight  Directory  Access  Protocol  (LDAP)- 
based  authenticated  directory-services  credentials  to  log  on  to  hypervi¬ 
sors;  the  hypervisor’s  security  therefore  is  only  as  strong  as  the  founda¬ 
tional  directory  service.  We  also  could  use  administrator-added  Virtual 
Iron-specific  users  for  tracking  purposes,  but  there  wasn’t  a  good  reason 
beyond  logging  to  do  so. 

The  Virtual  Iron  4.4  Enterprise  Edition  we  tested  includes  a  license  for 
Virtual  Iron  LiveConvert,  which  is  an  OEM  version  of  Novell’s  PlateSpin 
P2V  tool.To  use  it,  we  needed  an  extra  server  with  Windows  2003  Server 
(the  platform  we  tested  on)  or  Windows  2000  Server  installed  that  could 
host  Microsoft’s  SQL  Server,  which  LiveConvert  uses.  In  our  testing  we 
could  convert  only  Windows  XP  machines  because  Linux  and  Windows 
2008  are  not  supported  yet. 

Summary 

Were  we  to  pick  one  on  a  price-is-no-object  basis,  VMware  still  leads 
in  overall  performance,  but  Citrix  XenServer’s  transactional  perform¬ 
ance  and  burgeoning  management  qualities  make  it  a  great  value,  if  not 
quite  as  robust. 

Virtual  Iron  4.4  is  appealing  to  system  designers  who  like  the  ease  of 
PxE  media  provisioning  and  isolated  VM-farm  backplane  communica¬ 
tions  infrastructure  as  a  subsystem.  Also,  we  can’t  dismiss  Novell’s  SLES 
10.2,  because  it  impressed  us  with  what  we  could  see.  It  worked  well 
and  consistently  without  any  weird  quality-assurance  issues  like  the 
ones  we  saw  with  Citrix’s  implementation. 

The  good  news  is  that  there  are  certainly  a  number  of  viable  choices 
for  hypervisor  platforms.  Competition  hopefully  will  breed  excellence 
in  future  releases  of  these  products. 

Henderson  and  Allen  are  researchers  for  ExtremeLabs  in  Indianapolis. 
Contact  them  at  kitchen-sink@extremelabs.com. 
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Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 


>  High  Power  Distribution: 

208V  3-Phase  30A/60A  or  400V  3-Phase  16A/32A 

>  Flexible  Mounting: 

Zero  U  or  Modular  mounting  inside  the  cabinet 

>  Delta  or  Wye  In-Feeds: 

Wye  in-feeds  can  also  provide  1 20V  power  outputs 

>  Multiple  Outlet  Types: 

I  EC  Cl  3,  Cl  9  &  NEMA  5-20R  outlets  in  multiple 
configurations 

>  Local  Current  LED's: 

Verification  of  input  current  and  for  load  balancing. 

>  Environmental  Monitoring: 

External  temperature  &  humidity  probes. 

>  Linking: 

Links  (2)  units  with  (1)  IP  address  for  Remote  Monitoring 

>  Remote  Control,  Monitoring  and  Security: 

Web  interface,  SSL,  SSH,  Telnet,  SNMP,  FTP,  SNTP,  Syslog, 
LDAP  &  LDAPS,  TACACS+  &  RS-232  access 


% 


Ci  § 


Server  Technology,  Inc.  /  Headquarters 

1040  Sandhill  Drive  tf  +1.800.835.1515 

Reno,  NV  89521 -USA  tel  +1.775.284.2000 

www.servertech.com  ^ax  +1-775.284.2065 

www.servertechblog.com  sales@servertech.com 


1 2-0utlet  Surge  Protected 
Rack,IVlount,Rower.Strip,Bar 


20  Amp  Model* 


SALE  PRICE 

*73.20 


LED  SHOWS: 
(Power,  Ground,  Surge) 


17-Outlet  Power  Strip 


15  Amp  Model* 

sale  price  ^  *20  Amp  Model  Also  Available! 


SHOWS:  Volts,  Amps,  Watt,  VA, 
Frequency,  Power  Factor  &  KWH 


purchase  directly  at 

A-Neutronics*  www.a-neutronics.com 

or  call  toll-free:  1-877-263-8876 


Gain  flexibility  with  the 

W  1  ’  . 

-  ,  1  r  I  * ^  ; 


:  '7 


www.networkTAPs.com 


- 


Efficiently  aggregate  full-duplex  data  into  your  analysis  or  security  device. 


BN 


•  Supports  10/100/1000 

•  Stream  into  two  different  devices 

•  Rack  mount  up  to  three  across 

•  Supports  all  commercial  analysis  systems 

•  Also  works  with  open-source  tools 

Learn  more.  Visitwww.networkTAPs.com. 


Buffer  options: 

256  MB . 

....  $1,295 

512  MB . 

....  $1,795 

1GB . 

....$2,195 

Qtapm 

Choose  from  a  variety  of  configurations,  options,  and  pricing.  Plus  a 
complete  line  of  copper  and  optical  /iTAPs  for  full-duplex  analyzer  systems. 
Free  overnight  delivery* 

www.networkTAPs.com  •  1 -866-GET-/1TAP 


C€  ®  'K 

1  v  '  'Free  overnight  delivery  on  all  U.S  orders  ovef  $295  confirmed  before  12  p.m  CentralT.me 

©  2008  Network  Instruments,  LIC.  nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Net-work  Instruments,  UC. 
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CES 

continued  from  page  10 

CarbonFund.org,  a  nonprofit  Web  site  that  spe¬ 
cializes  in  helping  companies  create  carbon- 
neutral  products. 

•  Nextar’s  NXBT-001  and  NXBT-002  solar-pow¬ 
ered  cell  phone  kits:  While  there  are  lots  of 
hands-free,  Bluetooth-enabled  cell  phone  car 
kits  out  there,  Nextar  is  hoping  that  its  NXBT 
kits  make  a  name  for  themselves  by  offering 
users  a  solar-powered  alternative  to  plugging 
their  kits  into  their  cars.  Nextar  says  the  NXBT- 
001  offers  10  hours  of  talk  time  when  it  is  fully 
charged,  while  the  NXBT-002  offers  six  hours  of 
talk  time  when  fully  charged. The  kits  also  uti¬ 
lize  Bluetooth  2.0  technology  to  give  users  talk 
range  of  as  much  as  30  feet,  the  company  says. 

•  Sony’s  VA10  laptop  and  “Eco”  Bravia  televi¬ 
sions:  Sony  decided  to  unwrap  products  this 
year  that  were  equal  parts  slim  and  green, 
including  its  8-inch,  1.4-pound  VA10  Lifestyle 
PC  and  its  “eco-friendly”  Bravia  VE5  television 
models.  The  VAIO  P  Series  computers  feature 
built-in  3G  capabilities,  as  well  as  802.1  In, 
Bluetooth  and  GPS  functionality  The  laptop 
also  is  powered  by  the  Intel  Z520  Atom  proces- 


Apple 

continued  from  page  12 

Gartner  warned  enterprises  that  the  device 
lacked  crucial  security  features  and  support 
for  widely  used  e-mail  systems,  such  as 
Microsoft  Exchange. 

Pund-IT’s  King  says  he’s  not  convinced  the 
iPhone  offers  more  productivity  benefits  than 
the  BlackBerry  but  says  concerns  about  merg¬ 
ing  the  iPhone  with  existing  email  systems 
seem  to  have  disappeared. 

Forrester  predicts  that  10%  of  small-to-mid- 
size  businesses  (SMB)  will  deploy  iPhones  in 
2009,  but  adoption  won’t  be  as  strong  among 
large  enterprises,  which  have  stricter  IT 
requirements. 

“Now  that  the  iPhone  3G  supports  Microsoft 
Exchange  ActiveSync,  push  email,  contacts 
and  calendar,  and  can  be  remotely  wiped  if 
lost  or  stolen,  it  does  indeed  address  key  busi¬ 
ness  mobility  requirements,”  Forrester  analyst 
Michele  Pelino  writes.  ‘As  a  result,  we  believe 
that  the  iPhone  will  make  a  more  significant 
dent  in  the  enterprise  mobility  market,  primar¬ 
ily  among  SMBs,  which  typically  don’t  have  as 
strict  IT  requirements  as  large  enterprises  or 
widespread  line-of-business  application 
deployments.” 

Apple  has  not  been  as  successful  with  its  line 
of-business  servers,  including  the  Mac  OS  X 
Server,  the  Mac  Pro  and  Xserve.  Apple’s  server- 
revenue  market  share  was  onetenth  of  one 
percent  in  the  third  quarter  of  2008,  with  rev¬ 
enue  of  $13  million  on  7,403  server  shipments, 
according  to  Gartner.  The  number  of  Apple 
shipments  was  higher  than  in  2007  but  revenue 
still  dropped  slightly 


sor.The  Bravia  VE5  TVs  have  zero-watt  standby 
power  switches  that  Sony  says  enables  them  “to 
reduce  power  consumption  by  almost  40% 
compared  to. . .  other  LCD  HDTV  models.” 

•  TTie  HP  Mini  2 140:  What  makes  the  Mini  so 
intriguing  is  its  long  battery  life  — according  to 
HPit  can  run  eight  hours  between  charges.The 
company  says  by  using  a  six-cell  battery  in  tan¬ 
dem  with  Intel’s  Atom  processor,  its  Mini  2140 
will  easily  outlast  the  battery  power  offered  by 
its  competitors.  The  computer  also  has  a  10.1- 
inch  display  screen,  a  hard  drive  that  offers  up 
to  80GB  and  a  QWERTY  keyboard  that  is  about 
92%  the  size  of  a  standard  one. 

•  MSI’s  Wind  NetOn  all-in-one  PC:  MSI  is 
upping  the  ante  in  its  competition  with  Asus 
by  debuting  its  Wind  NetOn  all-in-one  PC.  It 
features  a  touchscreen  display  and  is  powered 
by  Intel’s  dual-core  Atom  processor,  which 
happens  to  be  the  same  processor  that  the  HP 
Mini  2140  uses  to  significantly  extend  its  bat¬ 
tery  life.  The  Wind  NetOn  comes  in  two  mod¬ 
els,  one  with  a  19-inch  display  and  one  with  a 
22-inch  display 

Network  World  Senior  Editor  John  Cox  con¬ 
tributed  to  this  story. 


Buzz 

continued  from  page  42 

ited  “virtual”  university.  It  beamed  courses 
via  satellite  to  the  likes  of  IBM,  HP  and 
Motorola. 

21.  Voila!  BB84  QUANTUM  cryptography: 

Charles  Bennett  and  Gilles  Brassard  de¬ 
veloped  the  first  quantum  cryptography 
protocol. 

22.  ‘Looks  like  a  ROBOTICIDE,  captain”: 

On  July  21  in  Jackson,  Mich.,  the  nation’s  first 
fatal  robotics  accident  killed  a  34-year-old 
diecast  operator. 

23.  Out  for  a  SPACE  walk:  Shuttle 
Challenger  astronaut  Bruce  McCandless 
became  the  first  to  fly  in  space  with  neither  a 
craft  nor  lifeline. 

24:  “The  TERMINATOR”:  Now  that’s  net¬ 
work  trouble:  Kyle  Reese: “Defense  network 
computers  . . .  decided  our  fate  in  a  microsec¬ 
ond:  extermination.” 

25.  TRANSFORMERS  grow  up,  too:  That’s 
right,  Hasbro ’s  robots  in  disguise  have  been 
more  than  meets  the  eye  since  1984. 

Miss  any?  The  address  is  buzz@nww.com. 


Apple  recently  lured  server  expert  Mark 
Papermaster  away  from  IBM,  where  he  had 
worked  for  26  years  and  was  the  company’s  top 
official  working  on  Power  microprocessors 
and  the  vice  president  of  IBM’s  blade  server 
development  unit.  IBM  sued  Apple  to  block  it 
from  hiring  Papermaster,  saying  he  had  signed 
a  noncompetition  agreement  and  that  Apple 
competes  against  IBM  in  developing  servers, 
PCs  and  microprocessors. 

The  case  is  still  working  its  way  through 
court,  but  Apple  says  it  hired  Papermaster  not 
to  help  it  develop  better  servers  but  to  lead 
engineering  for  iPods  and  iPhones.  Apple  may 
want  to  tap  Papermaster’s  market  and  partner¬ 
ing  expertise  to  broaden  the  reach  of  the 
iPhone  further  into  the  enterprise, says  Gartner 
analyst  Jeffrey  Hewitt. 


Apple  has  made  multiple  attempts  over  the 
years  to  penetrate  the  server  market,  but  with 
limited  success,  says  Forrester  analyst  James 
Staten.  The  servers  are  attractive  for  such 
needs  as  video  and  photo  editing  and  pub¬ 
lishing,  and  video  game  development,  he 
says.  IT  folks  who  use  Mac  desktops  already 
sometimes  want  a  “Mac-like  server”  that’s  easy 
to  use  and  install,  Hewitt  adds. 

Although  Apple  servers  are  competitive  in 
terms  of  horsepower  they  don’t  meet  typi¬ 
cal  enterprise  standards,  according  to 
Staten,  who  notes  a  lack  of  integration  with 
remote  management  tools  that  make  it  eas¬ 
ier  to  identify  failures  and  potential  fixes. 
“It’s  a  big  leap  to  assume  an  Apple  would  be 
able  to  become  a  Tier  1  server  provider,”  he 
says.  ■ 
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MicroGoose 


MuroGoose 

limate  Monitor 


Built-in  Web  Interface 
Temperature  &  Humidity 
Power  over  Ethernet  Enabled 
E-mail  Alarms  &  Escalations 
SNMP,  XML,  HTTP,  HTTPS 
Optional  IP  Web  Cams 


Receive  our  FREE 


by  emailing  us  at 
FreeBook@ITWatchDogs.com 

with  your  mailing  address 
or  call  us  at  512-257-1462 


Server  Room 
Climate  &  Power 
Monitoring 


to  PrtMttt  Cmpater  Emapmnt 
'***»*  &  DowMimt  Utm* 


NetSim 


NETWORK  SIMULATOR 


CCENT®I  C  C  N  A®  I  CC  N  P® 


NetSim  Provides: 


Hands-on  training 
without  the  hardware 

Guided  labs  to  help 
you  learn  the  technology 

Ability  to  build  and 
test  your  own  network 


Get  Started  Learning  Today! 


.  ,,  r  ~  ■'  ■■■  >  •  -  •  ■ 

Instantly  Search  Terabytes  of  Text 


Contact  dtSearch  for 
fully-functional  evaluations 


♦  dozens  of  indexed,  unindexed,  fielded 
data  and  full-text  search  options 
(including  Unicode  support  for 
hundreds  of  international  languages) 

♦  file  parsers  /  converters  for 
hit-highlighted  display  of  all  popular 
file  types 

♦  Spider  supports  static  and  dynamic  web 
data;  highlights  hits  while  displaying 
links,  formatting  and  Images  intact 

♦  API  supports  .NET,  C++,  Java,  databases, 
etc.  New  .NET  Spider  API 

The  Smart  Choice  for 
Text  Retrieval®  since  1991 

♦  "Bottom  line:  dtSearch  manages  a 
terabyte  of  text  in  a  single  index 
and  returns  results  in  less  than  a 
second"  -  InfoWorld 

♦"For  combing  through  large 

amounts  of  data,"  dtSearch  "leads 
the  market"  -  Network  Computing 

♦  dtSearch  "covers  all  data  sources  ... 
powerful  Web-based  engines" 

-  eWEEK 

♦  dtSearch  "searches  at  blazing 
speeds"  -  Computer  Reseller  News 
Test  Center 

See  www.dtsearch.com  for  hundreds 
more  reviews,  and  hundreds  of 
developer  case  studies 


1-800-IT-FINDS  •  www.dtsearch.com 


NSAPHONE 

>TE  MONITORING  SOLUTIONS 


Notification  by  Phone  or 
E-mail  when  events  threaten  your 
Infrastructure. 


OKST  of 
Room! 


•  Physical  Security 

•  Video 

•  Temperature 

•  Power  Problems 

•  Water  on  the  Floor 

•  Humidity 

•  Smoke  and  Fire 

•  And  much  more 


New  solutions  starting 
at  under  $1,000 

Dealers  Wanted 

Contact  us  today  to  discuss  your  application 
_ _ _ 

www.ims-4000.com  877-373-2700 
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NETWORK  WORLD  LIVE  PRESENTS 


IT  ROADMAP  2009 


iC  ITRoadmap 

CONFERENCE  &  EXPO! 


REGISTER  NOW  AND  QUALIFY  TO  ATTEND  FREE 
www.networkworld.com/RM9NYPC  1 1-800-643-4668 


NEW  YORK 

FEBRUARY  10 

DENVER 

MARCH  10 

CHICAGO 

APRIL  2 

BOSTON 

MAY  6 
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WASHINGTON.  DC 

NOVEMBER  4 
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REGISTER  FOR  THE 
CITY  NEAR  YOU! 

One  don't  miss  day  in  a  year  like  no  other. 
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EMC2 
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Spirit  of  Service ” 
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Networking  by  HP 
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Global  Knowledge . 
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Computer  Center* 
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Want  to  see  your  name  added  to  this  list? 

Call  Andrea  D'Amato  at  508-766-5455  oradamato@nww.com 
to  learn  about  sponsorship  opportunities  and  benefits! 
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is  coming 


firsts  |\|ew  York 


TUESDAY,  FEBRUARY  10TH,  JACOB  JAVITS  CENTER 


Apps  in  the  clouds.  Security  that’s  virtual.  Data  Centers  going  green. 
And  now  an  economy  headed  south.  Need  new  answers?  Ways  to 
do  more  with  less?  Better  direction? 


At  last— some  good  news:  IT  Roadmap  2009. 

It’s  all-new  and  it’s  coming  to  New  York  first  in 
February.  The  premier,  one-day  event  that  combines 
a  professional  conference  and  with  a  private  expo 
focused  on  helping  frontline  IT  pros  succeed  in  10 
crucial  areas: 


1.  Network  Management,  Automation  &  Control 

2.  Securing  the  Network  Core 

3.  WAN  &  Branch  Office  Strategies 

4.  Virtualization 

5.  UC,  VoIP  &  Collaboration 

6.  SaaS,  Cloud  Computing,  &  Managed  Services 

7.  Security  and  Compliance 

8.  Green  IT  Initiatives 

9.  Application  Delivery 

10.  Data  Center  Infrastructure  &  Management 


Qualify  now  and  you  can  join 
us  free!  Sign  up  early  and 
you  can  attend  your  choice  of 
two  fast-paced,  info-rich 
sessions.  Gain  forecasts  from 
the  industry’s  most-followed 
analysts.  Case  histories 
from  successful  end  users. 
Personal  consults  and  rate 
quotes  (rom  IT’s  key  vendors. 
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COBOL  and  governmental  efficiencies 


Mark  Gibbs 


Welcome  to  a  new  year.  2008  saw  our 
401  (k)s  become  201  (k)s,  our  worries 
about  the  price  of  gas  come  and  go, 
our  house  values  plummet,  our  economy 
implode  and  our  IT  budgets  shrink.  It  was 

BACKSPIN  not  a  good  year. 

Will  2009  be  better?  Well,  at  least  we  have  a 
new  administration  about  to  take  office,  and 
the  transition  already  looks  orders  of  magni¬ 
tude  more  organized  and,  dare  I  say  it,  more  professional  than  the 
last  four  administrations. 

One  of  President-elect  Obama’s  recent  appointments  was  to  a  new 
post,  chief  performance  officer,  and  the  lucky  victim,  er,  office  holder  is 
Nancy  Killefer.who  has  impressive  credentials. The  CPO’s  job  will  be 
to  increase  governmental  efficiencies  and  eliminate  wasteful  spend¬ 
ing.  This  is  not  a  job  for  the  faint  of  heart. 

When  he  announced  Killefer’s  appointment,  Obama  said, “We  can 
no  longer  afford  to  sustain  the  old  ways  when  we  know  there  are 
new  and  more  efficient  ways  of  getting  the  job  done.”  Never  were 
truer  words  spoken,  and  government  IT  operations  have  to  be  a 
central  concern. 

The  reason  for  this  is  that  government  IT  has  been  extremely  conser¬ 
vative.  Consider  COBOL  —  most  of  us  probably  think  it’s  already  dead, 
but  no  so  fast.  For  all  the  advances  we’ve  had  in  programming  lan¬ 
guages  and  techniques  over  many  decades,  it  turns  out  COBOL  won’t 
be  pushing  up  daisies  any  time  soon,  particularly  in  the  government 
sector.  According  to  COBOL  purveyor  Micro  Focus,  COBOL  programs 
today  process  75%  of  the  world’s  business  data  and  around  90%  of  all 
financial  transactions. 

Take  a  look  at  California.  As  part  of  his  efforts  to  cure  the  state’s 


appalling  budget  deficit,  Gov.  Arnold  Schwarzenegger  demanded  state 
workers  be  paid  on  a  minimum-wage  basis,  but  was  told  by  state  con¬ 
troller  John  Chiang  that  no  such  thing  was  about  to  happen. 

This  was  not  some  kind  of  disobedience  on  Chiang’s  part,  but  rather 
a  result  of  the  state’s  having  a  payroll  system  written  entirely  in 
COBOL.To  save  money  California  had  laid  off  all  temporary  and  part- 
time  workers,  including  a  lot  of  consultants. You  guessed  it: The  only 
people  who  know  COBOL  are  the  consultants.  And  even  if  they  were 
still  employed  by  the  state, you  don’t  change  COBOL  installations  the 
size  of  California’s  payroll  system  in  weeks  or  even  months.  California 
has  been  trying  to  revamp  its  payroll  system  for  a  decade,  and  it  is  esti¬ 
mated  that  the  cost  would  now  be  almost  $200  million! 

This  is  but  a  single  story  of  the  government’s  use  of  COBOL. You  can 
bet  that  there  are  thousands  of  COBOL-based  systems  in  use  at  both 
federal  and  state  levels  that  desperately  need  overhauling.  Unfortu¬ 
nately  these  projects  have  been  put  off  for  years,  and  the  costs  of 
change  are  going  through  the  roof. 

Here’s  my  concern:  Getting  government  systems  away  from  outdated 
platforms  is  a  huge  undertaking,  and  the  true  costs  are  completely 
unknown.  But  unless  we  do  upgrade,  we’re  doomed  to  stagger  on  with 
the  inefficiencies  and  inflexibilities  of  systems  that  are  decades  past 
their  prime. 

Government  computing  is  where  this  country  desperately  needs  to 
have  a  strategic  focus  and  spend  a  lot  of  money  because  the  longer  we 
put  off  this  work,  the  more  it  will  cost  and  the  less  able  the  government 
will  be  to  address  the  data-processing  demands  of  the  21st  century 

Good  luck,  Ms.  Killefer. 

Gibbs  is  glad  not  to  be  a  COBOL  programmer  in  Ventura,  Calif. 
Program  your  thoughts  to  backspin@gibbs.com. 


M  This  year’s  25  geekiest  25th  anniversaries 


NETBUZZ 

News,  Insights,  oddities 


The  year  1984  provided  a  boatload  of 
technological  achievement  and  geeky 
infamy. The  media  will  revisit  the  actual 
anniversaries  one  by  one  over  the  next  12 
months,  but  here  they  are  today,  neatly 
alphabetized. (A  cooler  slideshow  version 
can  be  found  at  www.nwdocfinder.com 
8244.) 

1.  AT&T  disintegrates:  In  1974,  Uncle  Sam 
decided  AT&T  was  a  monopoly;  10  years  later, 
Ma  Bell’s  empire  was  dismantled. 

2.  BETAMAX  saved:  The  famous  Supreme  Court  “Betamax  case”  was 
all  set  to  go  against  movie  watchers  until  Justice  John  Paul  Stevens 
pulled  two  votes  out  of  the  fire. 

3.  It’s  a  bouncing  baby  CISCO:  Like  many  career  couples,  Len  Bosack 
and  Sandy  Lerner  decided  their  lives  were  incomplete  without  having 
a  router  company 

4.  CRACKBERRY  in  motion:  BlackBerry  maker  Research  In  Motion, 
which  sounds  like  it  should  be  the  name  of  a  geek  boy  band,  was 
founded  in  the  Canadian  city  of  Waterloo,  which  sounds  like  it  should 
be  an  ABBA  song. 

5.  CRASHING  a  jet  for  science:  Fitzhugh  Fulton  must  have  enjoyed 
his  job  of  remote-control  pilot  as  NASA  conducted  its  “controlled” 
demonstration  crash  of  a  Boeing  720. 

6.  Neuromancer  popularizes  CYBERSPACE:  William  Gibson’s  science- 
fiction  classic  won  all  kinds  of  awards  —  and  brought  the  word  “cyber¬ 
space”  into  the  lexicon. 

7.  Dude,  you’re  gonna  be  DELL  College  student  Michael  Dell  had 
the  idea  of  selling  computers  directly  to  customers,  much  like  his  class¬ 
mates  might  peddle  pot  out  of  their  dorm  rooms. 

8.  DISCMAN  takes  off:  Two  years  after  mass  production  of  CDs  com¬ 


menced,  Sony  released  the  first  portable  CD  player,  the  Discman.lt  was 
the  size  of  four  CD  cases. 

9.  DNA  fingerprinting  ABCs:  British  researcher  Alec  Jeffreys  stared  at 
a  batch  of  X-ray  film  and  recognized  a  method  for  putting  bad  guys 
behind  bars. 

10.  Your  ELEPHONE’S  ringing:  Willy  Wonka’s  “last  major  invention 
(1984)  was  the  Elephone,a  telephone  that  works  in  an  elevator’ says 
Wikiality,  The  Truthiness  Encyclopedia. 

11.  Future  of  FACEBOOK:  Mark  Zuckerberg  was  born  on  May  14, 
1984,  to  Karen  and  Edward  Zuckerberg  of  Boca  Raton,  Fla. 

12.  FLASH  memory:  Fujio  Masuoka,  a  Toshiba  researcher,  invented 
flash  memory 

13.  “Who  you  gonna  call?  GHOSTBUSTERS”:  A  staple  on  “funniest 
movies  ever”  lists, “Ghostbusters”  opened  June  8  to  great  reviews. 

14.  Bemie  GOETZ:  Geek  with  a  gun:  Hero?  Trigger-happy  racist? 
Whatever  your  view,  there’s  no  doubt  Bernard  (“Subway  Vigilante”) 
Goetz  was  a  geek. 

15. 2600  The  HACKER  Quarterly  debuts:  A  friend  calls  it  “the  hacker’s 

Home  &  Garden .” 

16.  Hi  to  HASSIUM:  Just  don’t  touch.  A  synthetic  element  (No.  108),  it 
was  discovered  by  German  scientists;  it’s  nasty  stuff. 

17.  K250:  “Isn’t  she  lovely”:  That  was  Stevie  Wonder  expressing  his 
man  love  for  Ray  Kurzweil  and  the  Kurzweil  K250,an  electronic  synthe¬ 
sizer  Wonder  had  asked  for  two  years  before. 

18.  “Hello,  I’m  a  MAC”:  Two  days  after  its  now-iconic  TV  commercial, 
dubbed  “1984,”  aired  during  the  Super  Bowl,  Apple’s  Macintosh  went  on 
sale  to  the  public. 

19.  MATHCOUNTS  kicks  spelling-bee  backside:  The  first  national 
MATHCOUNTS  competition  was  held. 

20.  Go  NTU:  National  Technological  University  was  the  first  accred- 

See  Buzz,  page  38 
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ALTERNATIVE  THINKING  ABOUT  SYSTEM  POTENTIAL: 


See  eye  to  eye  with  your  budget 
without  limiting  your  vision 


Compromising  is  fine.  For  other  people.  But  now  you  can  watch  your  bottom  line, 
while  still  getting  a  look  into  the  future.  The  HP  portfolio  of  solutions  erases  the  gap 
between  cost  and  innovation,  while  delivering  reliable  ProLiant  technology,  all  at 
prices  that  require  a  second  look.  So,  while  others  try  to  think  outside  the  box 
rethinking  what  goes  on  inside  it. 

Technology  for  better  business  outcomes. 


we  re 


z-'\ 


HP  BladeSys 
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Lease  for  just  $110/mo. 

Smart  [PN.  481658-001] 

•  Supports  up  to  8  server  blade 
devices  in  a  6U  enclosure 

•  3-year  limited  warranty 


HP  ProLian 
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Lease  for  just  $18/mo. 

Smart  [PN:  Q1580SB] 

•  One-Button  Disaster  Recovery  feature 
easily  restores  lost  files,  applications 

•  Store  up  to  160GB  on  a  single  cartridge, 
while  backing  up  to  50GB/hr. 


Lease  for  just  $21/mo. 

Smart  [PN:  470064-763] 

•  Powered  by  the  Intel®  Core™  2  Duo  Processor 

•  One  250GB  SATA  hard  drive 

•  2GB  memory 

•  1-year  limited  warranty 


Lease  for  just  $22/mo. 

Smart  [PN:  480965-B21] 

•  Powered  by  the  Intel®  Xeon®  Processor 

•  2GB  memory 

•  1-year  limited  warranty 


See  additional  HP  models  which  feature  small  form  factor,  high-performance  SAS  hard  drives. 


To  learn  more,  call  1-866-625-1016  or  visit  hp.com/servers/rethinkl5 


Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer 
or  discount  and  ore  good  while  supplies  lost.  All  featured  offers  available  in  U.S.  only.  Savings  based  on  HP  published  list  price  of  configure-to-order  equivolent  (Enclosure:  $5,822  -  $1,863  instant  savings  =  Smcrtfiuy  price  of  $3,959;  Blade 
Server:  $1,530  -  $631  instant  savings  =  SmortBuy  price  of  $899;  Rack  Server:  $1,188  -  $339  instant  savings  =  SmartBuy  price  of  $849;  Tape  Drive:  $809  -  $80  instont  savings  =  SmartBuy  price  of  $729). 

Intel,  the  Intel  logo,  Xeon  ond  Xeon  Inside  are  trademarks  of  Intel  Corporation  in  the  U.S.  ond  other  countries. 

©  2008  Hewlett-Packard  Development  Company,  L.P.  The  information  contained  herein  is  subject  to  change  without  notice. 


University  of  Indianapolis 
.Hacked:  11K  Student, 
[Faculty,  Staff  records  stolen 


Trojan  horse  captures  data 
on  2,300  Oregon  taxpayers 


Credit  Card 
Numbers  Stolei 
from  TJX 

Millions  of  U.S.  customers  li 
informed  today  that 

*hetr  credit  card  nunjRp 


HOTEL  CHAIN  FALLS  VICTIM 
TO  14,000  DATA-STEALING 
I  MALWARE  INCIDENTS 


98,930  Affected  In 
Forever  21  Data  Breach 


mr> 


THINK  THE  NEXT  GENERATION  OF  MALWARE 
doesn’t  have  a  headline  waiting  for  you? 


Data-stealing  malware  is  smarter,  faster  and  more  advanced  than  ever.  It's  infiltrating  the  most  secure  enterprises 
and  yours  could  be  next.  But  with  Trend  Micro™  Enterprise  Security,  powered  by  the  Trend  Micro  Smart  Protection 
Network,  you'll  be  ready.  This  unigue  combination  of  solutions  and  services  is  the  next-generation,  cloud-client 
security  infrastructure  that  blocks  the  most  sophisticated  threats-before  they  reach  your  network.  Download 
our  eBook  and  learn  how  easily  Web  threats  like  data-stealing  malware  can  evade  your  current  security  solution 
and  what  you  can  do  about  it. 


Download  our  Outthink  the  Threat  eBook  and  register  for  a  free, 
onsite  risk  assessment  now  at  trendmicro.com/thinkagain. 
Or  contact  us  for  more  information  at  877-21-TREND  EXT.  53 
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Securing  Vour  Web  World 


reserved.  Trend  Micro  and  the  t-ball  logo  are  trac 
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